SUN-SENTINEL AND FEDERAL TRADE COMMISSION WEB SITES
Tuesday, December 30, 2008
You've realized you're the victim of identity theft or think you might be, so what do you do? The No. 1 rule is to act fast. Don't hesitate to contact your financial institutions and close accounts. Here are more things you can do.
IF YOU'RE A VICTIM
• Act fast. Identity theft can damage your credit rating. Report suspicious activities — such as unsolicited credit cards arriving in the mail — and monitor credit reports at least once a year for erroneous information.
• Close all accounts that have been tampered with or opened fraudulently. Speak with someone in the security or fraud department of each company and report the crime.
• Close all credit card accounts and destroy the cards.
• Place a fraud alert on your credit reports. Fraud alerts can help prevent an identity thief from opening any more accounts in your name. Potential creditors must contact you before issuing a credit card.
• Request a copy of your credit report. You are entitled to a free credit report every year. If you sign up for an extended fraud alert, you are entitled to up to two free credit reports from each of the three bureaus. Monitor your credit by requesting a credit report every six months after discovering the crime.
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
YOU MIGHT BE A VICTIM
Take the following steps if you think you could be a possible victim because your personal, sensitive information was compromised in some way.
• Close all affected accounts and have account numbers changed.
• Cancel all affected credit cards and debit cards.
• Protect your account with a password.
• Watch your account statements closely.
• Report any fraudulent activity immediately to the bank.
• If your insurance information is compromised change the policy numbers.
• If it was human resources data that was compromised, change account numbers for your 401-k, life insurance, and account holding your stock options. Use passwords to protect these accounts as well.
• File a complaint with the Federal Trade Commission. Call FTC's Identity Theft Hotline: 877-438-4338. To file a complaint with the Internet Crime Complaint Center, go to www.ic3.gov/complaint/ default.aspx.To file a complaint with Florida Attorney General's Office, call the fraud hotline at866-966-7226.
COMPUTER THE SUSPECTED SOURCE
• Stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware could be sending your personal information to identity thieves.
• Confirm that your security software is up-to-date, then use it to scan your computer. Delete everything the program identifies as a problem. You may have to restart your computer for the changes to take effect.
• If the problem persists after you exhaust your ability to diagnose and treat it, you might want to call for professional help. If your computer is covered by a warranty that offers free tech support, contact the manufacturer.
Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem.
• If you believe you have mistakenly given your personal information to a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade Commission's Identity Theft website at ftc.gov/idtheft to learn how to minimize your risk of damage from a potential theft of your identity.
• Report computer fraud.
Hacking or a computer virus: Contact your Internet Service Provider as well as the hacker's, if you can tell what it is. You can usually find an ISP's e-mail address on its Web site. Include information on the incident from your firewall's log file. By alerting the ISP to the problem on its system, you can help it prevent similar problems in the future.
Contact the FBI at www.ic3.gov. To fight computer criminals, they need to hear from you.
Internet fraud: If a scammer takes advantage of you through an Internet auction, when you're shopping online, or in any other way, report it to the Federal Trade Commission, at ftc.gov. The FTC enters Internet, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Deceptive spam: If you get deceptive spam, including email phishing for your information, forward it to spam@uce.gov. Be sure to include the full header of the e-mail, including all routing information. You also may report phishing e-mail to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
Tuesday, December 30, 2008
Monday, December 29, 2008
How to Prevent and Cure Medical ID Theft; This Type of Identity Theft Can Cause Even Greater Harm
Most people know that if their wallets are stolen, they need to call their credit card issuers and cancel their cards. Ditto with their driver's licenses and debit cards. But it might never occur to them to call their health insurance providers to report the theft of their health insurance identification cards.
It should. In the same way that a thief can steal your identity to open credit card accounts and rack up huge bills in your name, a thief can also steal your medical identity to run up tens of thousands of dollars in medical bills. Once your insurance company pays its portion, the balance will be charged to you.
Medical identity theft is defined as the theft or unauthorized use of a person's personal information to obtain unauthorized medical goods and services, says Byron Hollis, managing director of the national anti-fraud department for the Blue Cross Blue Shield Association. Sometimes, it's a family member who doesn't have health insurance who uses your card to get medical treatment. But it's just as likely to be an "opportunistic burglar" who then uses a health insurance card to try to get drugs from a doctor or a crooked doctor who bills for services he didn't provide. It could even be organized theft ring that sets up fake clinics to bilk insurance companies for payment on nonexistent treatment, or obtains medical equipment that it then sells on the black market.
"Organized groups are certainly more dangerous," Hollis says, "but from a personal level, even an opportunistic theft or unauthorized use by a family member can be devastating financially to you or to your medical records."
The impact of medical identity theft
While medical identity theft is similar to financial identity theft, it's far more difficult to resolve. Identity theft is often discovered early on the financial side because credit card issuers have sophisticated systems for detecting fraudulent use of credit cards. Plus, nearly all financial institutions use one or more of the three credit reporting agencies.
"There's not a centralized repository for medical records," says Jeremy Miller, director of the investigation and restoration center for Nashville, Tenn.-based Kroll Fraud Solutions, which works with businesses and consumers to address problems related to identity theft. "To be able to have something like that could potentially reduce the risk of becoming a victim or reduce the recovery time. It's important to know this may not be a problem that goes away."
Every time a thief uses your medical identity to obtain medical care, it creates records with their medical information that could be mistaken for yours -- a different blood type, a history of drug or alcohol abuse, test results that aren't yours, or a diagnosis of an illness you don't have.
"It can create a very dangerous situation," Hollis says.
It can also create a health insurance crisis for you by exhausting your insurance benefits. "Most policies have a lifetime cap," Hollis says. "If you're already accessing medical coverage, you can burn through that in a short period of time."
Plus, it could create problems for you if you ever apply individually for health insurance, disability insurance or long-term care coverage. Unlike credit reporting agencies, health care providers are not required to delete or correct incorrect information on your medical records. They'll typically amend your records with a notation that some information may be suspect, but that's about it. An insurer might want to exclude covering you for treatment of a condition because your medical record indicates it's a pre-existing condition. Even worse, you could be turned down for coverage.
Uncovering medical identity theft is tough
Most people never find out that they've been a victim of medical identity theft until they get a notice of an unpaid bill for medical care they never received. By then, their credit is already damaged. That's nothing, however, compared to the case of a Salt Lake City woman who learned that her medical identity had been stolen when a state social worker and a police officer showed up at her house to take custody of her children.
"They said she'd abandoned her baby at the hospital," says Alex Johnson, a former special investigator with the FBI who now heads up a special investigative unit for Regence Group, the largest health insurer in the Northwest/Intermountain region. "Seven or eight months earlier, her purse was stolen. The lady who stole her purse was a drug seeker who was pregnant. She used the woman's ID to have the baby. A couple days later, she deserted the baby and took off. The information they had was on this woman."
The best chance for early detection of medical identity theft is to do what hardly anyone does -- actually read the Explanation of Benefits, or EOB, statement that your insurance provider sends you after you've received covered treatment.
Look for the name of the provider, the date of service, and the service provided. Sometimes, the fraud is obvious. If it says Dr. John Smith performed surgery on you on Nov. 14 and you were on a Caribbean cruise that week, you know you're a victim. But if you went to Dr. Smith that day and he gave you a shot of steroids for frozen shoulder, the insurance codes classify that as a surgery. Call your insurer's customer service number if something doesn't seem right.
Also, exercise your right to a free annual copy of your credit report. Most medical identity theft first shows up when the claim makes the transition to the billing department. If you have an unpaid medical bill on your credit report, that's a major clue that you're a victim. Another freebie is an annual benefits request to your health insurer; that will give you a list of all the benefits paid in your name for the year.
Another method for checking comes courtesy of Trisha Torrey, an About.com guide and newspaper columnist who focuses on patient empowerment. "Each time you make a doctor's appointment," she says, "ask them to verify the last time you were there." If the dates don't match your own records, call your insurance company and report your suspicions.
You can also check for discrepancies with the Medical Information Bureau. Hundreds of health-related insurance companies belong to this bureau, which collects personal information about individuals who apply for health and life insurance in much the same way that the credit bureaus collect financial information for credit issuers. It's far from comprehensive; it only collects information on people who apply for coverage individually. However, Torrey says, "they can be an entry to any other health-related organizations that might have your bogus information or stolen information."
Preventing it may be tougher
The tips for preventing medical identity theft are similar to those suggested for financial identity theft, such as shredding documents with your health insurance ID number on it instead of throwing them in the trash. Protect your insurance card and insurance information "just like you do your financial information," Hollis says. "Know where it's at and check it every once in awhile to make sure it's still in your wallet."
Practice "situational awareness" at the doctor's office or pharmacy, he says, paying attention to who's nearby when you're giving the staff your insurance card. Don't leave it sitting on the counter in plain view. Also, make sure you have an up-to-date firewall on your computer.
Preventing medical identity theft gets tough, though, because so many people have access to the information after it leaves your hands.
"It's so simple to do," Torrey says. "You've got all kinds of low-paid personnel working in a doctor's office and the cards are getting photocopied all the time."
Bottom line: If you're a victim, don't beat yourself up about it. The chances are pretty good that the deed happened after the information left your hands.
What to do if you're a victim
First things first: Call the police and report it. You're a victim of fraud. Also, call your insurance company and ask for the fraud department. They'll shut down your health insurance account, issue you a new card, and help you work through the process of dealing with any bill collectors and correcting the erroneous information that's now on file about you. Hollis says he'd prefer that customers call his department before calling the medical provider that generated the bogus claim. While that might seem like the natural thing to do, he points out that someone in that office -- even the person who answers the phone -- might be in on the scam.
"It would certainly help us in the investigation if the provider is not alerted," he says.
Also, contact the three credit bureaus, your bank, and your credit card issuers. Let them know your medical identity has been stolen so you can start cleaning up your credit.
Request access to your medical records from your health insurer and your health care providers. The World Privacy Forum has a detailed FAQ on the process. Among the steps to take is a request for an accounting of disclosures. This will help you find out who has information about you and, hopefully, correct it.
Finally, Torrey says, "make notes everywhere that it's been stolen with a phone number people can call to get the right information. If you're in an accident and can't answer questions, they could pull up the wrong information."
It should. In the same way that a thief can steal your identity to open credit card accounts and rack up huge bills in your name, a thief can also steal your medical identity to run up tens of thousands of dollars in medical bills. Once your insurance company pays its portion, the balance will be charged to you.
Medical identity theft is defined as the theft or unauthorized use of a person's personal information to obtain unauthorized medical goods and services, says Byron Hollis, managing director of the national anti-fraud department for the Blue Cross Blue Shield Association. Sometimes, it's a family member who doesn't have health insurance who uses your card to get medical treatment. But it's just as likely to be an "opportunistic burglar" who then uses a health insurance card to try to get drugs from a doctor or a crooked doctor who bills for services he didn't provide. It could even be organized theft ring that sets up fake clinics to bilk insurance companies for payment on nonexistent treatment, or obtains medical equipment that it then sells on the black market.
"Organized groups are certainly more dangerous," Hollis says, "but from a personal level, even an opportunistic theft or unauthorized use by a family member can be devastating financially to you or to your medical records."
The impact of medical identity theft
While medical identity theft is similar to financial identity theft, it's far more difficult to resolve. Identity theft is often discovered early on the financial side because credit card issuers have sophisticated systems for detecting fraudulent use of credit cards. Plus, nearly all financial institutions use one or more of the three credit reporting agencies.
"There's not a centralized repository for medical records," says Jeremy Miller, director of the investigation and restoration center for Nashville, Tenn.-based Kroll Fraud Solutions, which works with businesses and consumers to address problems related to identity theft. "To be able to have something like that could potentially reduce the risk of becoming a victim or reduce the recovery time. It's important to know this may not be a problem that goes away."
Every time a thief uses your medical identity to obtain medical care, it creates records with their medical information that could be mistaken for yours -- a different blood type, a history of drug or alcohol abuse, test results that aren't yours, or a diagnosis of an illness you don't have.
"It can create a very dangerous situation," Hollis says.
It can also create a health insurance crisis for you by exhausting your insurance benefits. "Most policies have a lifetime cap," Hollis says. "If you're already accessing medical coverage, you can burn through that in a short period of time."
Plus, it could create problems for you if you ever apply individually for health insurance, disability insurance or long-term care coverage. Unlike credit reporting agencies, health care providers are not required to delete or correct incorrect information on your medical records. They'll typically amend your records with a notation that some information may be suspect, but that's about it. An insurer might want to exclude covering you for treatment of a condition because your medical record indicates it's a pre-existing condition. Even worse, you could be turned down for coverage.
Uncovering medical identity theft is tough
Most people never find out that they've been a victim of medical identity theft until they get a notice of an unpaid bill for medical care they never received. By then, their credit is already damaged. That's nothing, however, compared to the case of a Salt Lake City woman who learned that her medical identity had been stolen when a state social worker and a police officer showed up at her house to take custody of her children.
"They said she'd abandoned her baby at the hospital," says Alex Johnson, a former special investigator with the FBI who now heads up a special investigative unit for Regence Group, the largest health insurer in the Northwest/Intermountain region. "Seven or eight months earlier, her purse was stolen. The lady who stole her purse was a drug seeker who was pregnant. She used the woman's ID to have the baby. A couple days later, she deserted the baby and took off. The information they had was on this woman."
The best chance for early detection of medical identity theft is to do what hardly anyone does -- actually read the Explanation of Benefits, or EOB, statement that your insurance provider sends you after you've received covered treatment.
Look for the name of the provider, the date of service, and the service provided. Sometimes, the fraud is obvious. If it says Dr. John Smith performed surgery on you on Nov. 14 and you were on a Caribbean cruise that week, you know you're a victim. But if you went to Dr. Smith that day and he gave you a shot of steroids for frozen shoulder, the insurance codes classify that as a surgery. Call your insurer's customer service number if something doesn't seem right.
Also, exercise your right to a free annual copy of your credit report. Most medical identity theft first shows up when the claim makes the transition to the billing department. If you have an unpaid medical bill on your credit report, that's a major clue that you're a victim. Another freebie is an annual benefits request to your health insurer; that will give you a list of all the benefits paid in your name for the year.
Another method for checking comes courtesy of Trisha Torrey, an About.com guide and newspaper columnist who focuses on patient empowerment. "Each time you make a doctor's appointment," she says, "ask them to verify the last time you were there." If the dates don't match your own records, call your insurance company and report your suspicions.
You can also check for discrepancies with the Medical Information Bureau. Hundreds of health-related insurance companies belong to this bureau, which collects personal information about individuals who apply for health and life insurance in much the same way that the credit bureaus collect financial information for credit issuers. It's far from comprehensive; it only collects information on people who apply for coverage individually. However, Torrey says, "they can be an entry to any other health-related organizations that might have your bogus information or stolen information."
Preventing it may be tougher
The tips for preventing medical identity theft are similar to those suggested for financial identity theft, such as shredding documents with your health insurance ID number on it instead of throwing them in the trash. Protect your insurance card and insurance information "just like you do your financial information," Hollis says. "Know where it's at and check it every once in awhile to make sure it's still in your wallet."
Practice "situational awareness" at the doctor's office or pharmacy, he says, paying attention to who's nearby when you're giving the staff your insurance card. Don't leave it sitting on the counter in plain view. Also, make sure you have an up-to-date firewall on your computer.
Preventing medical identity theft gets tough, though, because so many people have access to the information after it leaves your hands.
"It's so simple to do," Torrey says. "You've got all kinds of low-paid personnel working in a doctor's office and the cards are getting photocopied all the time."
Bottom line: If you're a victim, don't beat yourself up about it. The chances are pretty good that the deed happened after the information left your hands.
What to do if you're a victim
First things first: Call the police and report it. You're a victim of fraud. Also, call your insurance company and ask for the fraud department. They'll shut down your health insurance account, issue you a new card, and help you work through the process of dealing with any bill collectors and correcting the erroneous information that's now on file about you. Hollis says he'd prefer that customers call his department before calling the medical provider that generated the bogus claim. While that might seem like the natural thing to do, he points out that someone in that office -- even the person who answers the phone -- might be in on the scam.
"It would certainly help us in the investigation if the provider is not alerted," he says.
Also, contact the three credit bureaus, your bank, and your credit card issuers. Let them know your medical identity has been stolen so you can start cleaning up your credit.
Request access to your medical records from your health insurer and your health care providers. The World Privacy Forum has a detailed FAQ on the process. Among the steps to take is a request for an accounting of disclosures. This will help you find out who has information about you and, hopefully, correct it.
Finally, Torrey says, "make notes everywhere that it's been stolen with a phone number people can call to get the right information. If you're in an accident and can't answer questions, they could pull up the wrong information."
Sunday, December 28, 2008
FTC Will Grant Six-Month Delay of Enforcement of 'Red Flags' Rule Requiring Creditors and Financial Institutions to Have Identity Theft Prevention Pro
The Federal Trade Commission will suspend enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
The Rule applies to creditors and financial institutions. Federal law defines a creditor to be: any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
The Commission staff launched outreach efforts last year to explain the Rule to the many different types of entities that are covered by the Rule. The agency published a general alert on what the Rule requires, and, in particular, an explanation of what types of entities are covered by the Rule – http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm. During the course of these efforts, Commission staff learned that some industries and entities within the FTC’s jurisdiction were uncertain about their coverage under the Rule. These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act’s definition of creditor or financial institution. Many entities also noted that, becausethey generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule’s requirements too late to be able to come into compliance by November 1, 2008. The Commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's Web site provides free information on a variety of consumer topics.
MEDIA CONTACT:
Office of Public Affairs 202-326-2180
******************************
Our Affirmative Defense Response System (ADRS) provides your company a plan of action, including a privacy policy and employee training, at no direct cost to you. For more information on our ADRS program, call us at (800) 306-3063 or email us at mrapozo@hawaiilink.net. Happy holidays!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
The Rule applies to creditors and financial institutions. Federal law defines a creditor to be: any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
The Commission staff launched outreach efforts last year to explain the Rule to the many different types of entities that are covered by the Rule. The agency published a general alert on what the Rule requires, and, in particular, an explanation of what types of entities are covered by the Rule – http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm. During the course of these efforts, Commission staff learned that some industries and entities within the FTC’s jurisdiction were uncertain about their coverage under the Rule. These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act’s definition of creditor or financial institution. Many entities also noted that, becausethey generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule’s requirements too late to be able to come into compliance by November 1, 2008. The Commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's Web site provides free information on a variety of consumer topics.
MEDIA CONTACT:
Office of Public Affairs 202-326-2180
******************************
Our Affirmative Defense Response System (ADRS) provides your company a plan of action, including a privacy policy and employee training, at no direct cost to you. For more information on our ADRS program, call us at (800) 306-3063 or email us at mrapozo@hawaiilink.net. Happy holidays!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
Saturday, December 27, 2008
Steps to Take if You Are a Victim of Identity Theft
Meadow Free Press
Meadow,ID,USA
* Advising any other individuals or organizations that can be potentially victimized by the identity thief posing as you. These may include your credit card companies, banks, credit or loan services, leasing organizations and companies you interact with (utilities, etc.). Be specific about all information you have incurred in regards to the identity theft. Utilize any aid they may be able to offer, and comply with any procedures they may ask you to do.
* It is most often best to contest bills and statements for goods or services you know you did not purchase or transacted yourself. This may result in threats due to the non-payment, but it will also open communication concerning the fraud.
* If you suspect that a thief is using your identity for criminal activities, notify the police. Be prepared to share with them any information you may have that may be useful to their criminal case.
* Credit cards must be canceled immediately if you feel the least bit concerned about their security. Credit card companies will accommodate you by issuing new cards.
* You may place a "stop" order on your bank account if you suspect your account may have been accessed without your authorization. This will prevent any further transactions from taking place and stop the identity thief from wiping out your bank account.
* Advise your bank if your check books have been stolen or you feel any of the checks are missing. Your bank will place a stop on unused checks.
* If you bank online, immediately change your PIN and passwords in case they may have been compromised.
* If you have lost any of your identification such as passport, driver's license or employee identification or pass, advise issuers right away and request replacements.
* If there is a possibility that your computer has been tampered with or accessed without your knowledge, scan it for spy ware as soon as time allows it. You should also change any passwords that may have been stolen.
* Give regard to your mail delivery that it is normal and there are no unauthorized orders of redirection.
* Create a file of everything you determine concerning the identity theft. Document all correspondence and request full details concerning money owed.
If you still do not feel secure about the handling of this matter, it is best to hire an identity theft attorney. If the legal impact of the theft is piling on you then such a lawyer is highly recommended. In most circumstances, people and companies will be sympathetic to your being a victim of identity theft. Approach the situation with tact and calmness and you will find many who will make an effort to help you.
*******************************************
To provide your family a complete wall of protection, including identity theft protection and restoration, as well as unlimited access to the legal system, visit http://www.mplss.com/. Can you imagine getting all of this for less than a dollar a day?
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
(808) 645-0243 Direct
(800) 306-3063 Toll-Free
www.mplss.com
Meadow,ID,USA
* Advising any other individuals or organizations that can be potentially victimized by the identity thief posing as you. These may include your credit card companies, banks, credit or loan services, leasing organizations and companies you interact with (utilities, etc.). Be specific about all information you have incurred in regards to the identity theft. Utilize any aid they may be able to offer, and comply with any procedures they may ask you to do.
* It is most often best to contest bills and statements for goods or services you know you did not purchase or transacted yourself. This may result in threats due to the non-payment, but it will also open communication concerning the fraud.
* If you suspect that a thief is using your identity for criminal activities, notify the police. Be prepared to share with them any information you may have that may be useful to their criminal case.
* Credit cards must be canceled immediately if you feel the least bit concerned about their security. Credit card companies will accommodate you by issuing new cards.
* You may place a "stop" order on your bank account if you suspect your account may have been accessed without your authorization. This will prevent any further transactions from taking place and stop the identity thief from wiping out your bank account.
* Advise your bank if your check books have been stolen or you feel any of the checks are missing. Your bank will place a stop on unused checks.
* If you bank online, immediately change your PIN and passwords in case they may have been compromised.
* If you have lost any of your identification such as passport, driver's license or employee identification or pass, advise issuers right away and request replacements.
* If there is a possibility that your computer has been tampered with or accessed without your knowledge, scan it for spy ware as soon as time allows it. You should also change any passwords that may have been stolen.
* Give regard to your mail delivery that it is normal and there are no unauthorized orders of redirection.
* Create a file of everything you determine concerning the identity theft. Document all correspondence and request full details concerning money owed.
If you still do not feel secure about the handling of this matter, it is best to hire an identity theft attorney. If the legal impact of the theft is piling on you then such a lawyer is highly recommended. In most circumstances, people and companies will be sympathetic to your being a victim of identity theft. Approach the situation with tact and calmness and you will find many who will make an effort to help you.
*******************************************
To provide your family a complete wall of protection, including identity theft protection and restoration, as well as unlimited access to the legal system, visit http://www.mplss.com/. Can you imagine getting all of this for less than a dollar a day?
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
(808) 645-0243 Direct
(800) 306-3063 Toll-Free
www.mplss.com
Friday, December 26, 2008
Meth users good at identity theft; CBI agent urges vigilance to protect private info
By MIKE McKIBBIN
Citizen TelegramRifle
mmckibbin@citizentelegram.com
BATTLEMENT MESA, COLO. - Identity theft and methamphetamine use go hand in hand, according to a Colorado Bureau of Investigation agent who specializes in tracking down those who steal people’s names and personal data.
John Zamora recently told the Parachute/Grand Valley Kiwanis Club that meth users are good at committing identity theft “because they’ve got all this energy, at least at first. Fortunately, the more they use meth, they start making mistakes.”
Identity theft is the fastest growing crime in America because “there’s big money to be made and you can make it fast,” Zamora said.
“If someone steals your identity, you can expect to spend an average of 600 hours filling out paperwork and doing other things to let your bank and credit bureaus know you’ve been a victim,” he said. “And you can expect to spend about $1,400 to fix your credit. You basically have to prove your innocence.”
Last year, Colorado had 4,328 identity theft victims, 8th in the nation, while the city of Greeley was third in the U.S. for identity theft.
“A lot of gangs are getting into stealing identities because there’s a lot of money to be made,” Zamora said. “Nowadays, they don’t have to rob someone with a gun and get away with maybe $20 or $30. They can dress in suits, come to places like the Battlement Mesa Activity Center and rummage through the offices to find someone’s social security number.”
Identity thieves steal their information from credit bureaus, auto dealers, hospitals, employers, anyone with someone’s social security number, date of birth, bank account numbers or other facts, he said. Some use small hand-held “skimmers,” devices that can quickly record information from a credit card’s magnetic strip, Zamora added.
Some state and federal laws, such as the Fair Credit Billing Act and Electronic Funds Transfer Act, limit liability and can help victims correct errors on their credit report caused by identity thieves, he said.
Zamora advised people to not carry important identification with them, such as social security numbers. Promptly retrieving mail from mail boxes, shredding all documents before throwing them away, canceling all unused and unwanted credit cards are other steps Zamora said can help prevent identity theft.
Citizen TelegramRifle
mmckibbin@citizentelegram.com
BATTLEMENT MESA, COLO. - Identity theft and methamphetamine use go hand in hand, according to a Colorado Bureau of Investigation agent who specializes in tracking down those who steal people’s names and personal data.
John Zamora recently told the Parachute/Grand Valley Kiwanis Club that meth users are good at committing identity theft “because they’ve got all this energy, at least at first. Fortunately, the more they use meth, they start making mistakes.”
Identity theft is the fastest growing crime in America because “there’s big money to be made and you can make it fast,” Zamora said.
“If someone steals your identity, you can expect to spend an average of 600 hours filling out paperwork and doing other things to let your bank and credit bureaus know you’ve been a victim,” he said. “And you can expect to spend about $1,400 to fix your credit. You basically have to prove your innocence.”
Last year, Colorado had 4,328 identity theft victims, 8th in the nation, while the city of Greeley was third in the U.S. for identity theft.
“A lot of gangs are getting into stealing identities because there’s a lot of money to be made,” Zamora said. “Nowadays, they don’t have to rob someone with a gun and get away with maybe $20 or $30. They can dress in suits, come to places like the Battlement Mesa Activity Center and rummage through the offices to find someone’s social security number.”
Identity thieves steal their information from credit bureaus, auto dealers, hospitals, employers, anyone with someone’s social security number, date of birth, bank account numbers or other facts, he said. Some use small hand-held “skimmers,” devices that can quickly record information from a credit card’s magnetic strip, Zamora added.
Some state and federal laws, such as the Fair Credit Billing Act and Electronic Funds Transfer Act, limit liability and can help victims correct errors on their credit report caused by identity thieves, he said.
Zamora advised people to not carry important identification with them, such as social security numbers. Promptly retrieving mail from mail boxes, shredding all documents before throwing them away, canceling all unused and unwanted credit cards are other steps Zamora said can help prevent identity theft.
Thursday, December 25, 2008
MERRY CHRISTMAS AND A HAPPY NEW YEAR
From the Rapozo household, we wish you and yours a very Merry Christmas and a happy and prosperous New Year. Take care and God bless.
Tuesday, December 23, 2008
Increase in Identity Theft around the Holidays
The Identity Theft Resource Center says it gets more calls about lost and stolen wallets around the holiday season than any other time of year. The resource center offers some tips about protecting one's identity. Here are two tips I hadn't thought of:
Debit cards: Debit cards are not credit cards, rather they are a direct link to your bank account and electronically transfer money immediately to the merchant. If you want to use debit cards, link them to a bank account with a small amount of money in it, and not to your only bank account. If the card has a VISA or Mastercard logo on it the thief can use it without a PIN. If stolen, it could be difficult to prove you didn't make the purchase when you were in the same mall that day.
Check writing: ITRC recommends that you leave checks at home and only use them to pay bills. Write checks with a gel pen with specially formulated ink that absorbs into the paper fibers or one with non-erasable ink. This makes it harder for a thief to alter the check.
Debit cards: Debit cards are not credit cards, rather they are a direct link to your bank account and electronically transfer money immediately to the merchant. If you want to use debit cards, link them to a bank account with a small amount of money in it, and not to your only bank account. If the card has a VISA or Mastercard logo on it the thief can use it without a PIN. If stolen, it could be difficult to prove you didn't make the purchase when you were in the same mall that day.
Check writing: ITRC recommends that you leave checks at home and only use them to pay bills. Write checks with a gel pen with specially formulated ink that absorbs into the paper fibers or one with non-erasable ink. This makes it harder for a thief to alter the check.
Monday, December 22, 2008
5 Ways to Prevent Identity Theft From Using Social Security Numbers
By Alicia G. Limtiaco
For Pacific Daily News
The Federal Trade Commission on Dec. 18 issued a report that outlined five ways to help prevent Social Security numbers from being used for identity theft.
Among the report's recommendations is that the U.S. Congress consider taking action "to strengthen the procedures that private-sector organizations use to authenticate their customers' "identities," according to the FTC.
"Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses ... in the billions of dollars," the report states.
Adopting Standards
The FTC report states that adopting standards for how businesses and other organizations verify the identity of new and existing customers would make more difficult for identity thieves to use Social Security numbers and other stolen information to carry out their fraud. The report also recommends that steps be taken to reduce the unnecessary display and transmission of Social Security numbers, but noted that restrictions should be approached carefully.
"The first step in minimizing the role of Social Security numbers in identity theft is to limit the demand for Social Security numbers by making it more difficult for thieves to use them to pen new accounts, access existing accounts, or obtain other benefits or services," the FTC stated in its report.
The commission vote to issue the report was 4-0, and was developed pursuant to a recommendation of the President's Identity Theft Task Force, according to the FTC.
The report is backed by extensive fact-finding by the FTC and other federal agencies. The report also seeks to enhance the coordination and information-sharing among organizations that routinely use Social Security numbers, and recommends steps to improve data security, and increase outreach to consumers and businesses on the protection of Social Security numbers.
Alicia G. Limtiaco is the attorney general of Guam.
*************
Click here for the FTC press release
For Pacific Daily News
The Federal Trade Commission on Dec. 18 issued a report that outlined five ways to help prevent Social Security numbers from being used for identity theft.
Among the report's recommendations is that the U.S. Congress consider taking action "to strengthen the procedures that private-sector organizations use to authenticate their customers' "identities," according to the FTC.
"Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses ... in the billions of dollars," the report states.
Adopting Standards
The FTC report states that adopting standards for how businesses and other organizations verify the identity of new and existing customers would make more difficult for identity thieves to use Social Security numbers and other stolen information to carry out their fraud. The report also recommends that steps be taken to reduce the unnecessary display and transmission of Social Security numbers, but noted that restrictions should be approached carefully.
"The first step in minimizing the role of Social Security numbers in identity theft is to limit the demand for Social Security numbers by making it more difficult for thieves to use them to pen new accounts, access existing accounts, or obtain other benefits or services," the FTC stated in its report.
The commission vote to issue the report was 4-0, and was developed pursuant to a recommendation of the President's Identity Theft Task Force, according to the FTC.
The report is backed by extensive fact-finding by the FTC and other federal agencies. The report also seeks to enhance the coordination and information-sharing among organizations that routinely use Social Security numbers, and recommends steps to improve data security, and increase outreach to consumers and businesses on the protection of Social Security numbers.
Alicia G. Limtiaco is the attorney general of Guam.
*************
Click here for the FTC press release
Sunday, December 21, 2008
MEDICAL IDENTITY THEFT, THE IGNORED CRIME
I found this article on the Internet,and although quite accurate, it is missing one of the fastest growing types of identity theft, MEDICAL IDENTITY THEFT!:
"Financial Identity Theft
The most common form of identity theft is financial. A person stealing your credit card details can get you into a huge amount of financial debt. High charges may incur on your telephone bill if the identity thief gains access to your telephone calling card or your account. The bolder the identity thief is, the more damages he can cause. An identity thief could take out loans in your name, receive a new credit card under your name, create a utility account, lease a car or even lease an apartment under your name. In severe cases of financial identity theft, you may find that the identity thief has even taken out a mortgage on your home and disappeared online video courses the money. On rare occasions, an identity thief has been known to put his victim's home on the market. Although the task is more difficult, sales have been made in real life.
Criminal Identity Theft
Some identity thieves who steal identities for the sole purpose of using it for plotting and carrying out criminal activities. Traffic violations are the most common type of criminal online video courses committed by identity thieves. It is possible that an identity thief may carry a false driver's license with your name on it and bearing his photograph.There is no way of knowing until you receive your first citation for not appearing to respond to a traffic violation charge. Another criminal activity that an identity thief might engage in is using your license plate when they fuel up and drive off gas service stations without paying. Because it's your plate distance learning that shows on security cameras, you end up as the likely suspect. There can be even more serious criminal activities displayed where your identity is used to cover up crimes.
Cloning Identity Theft
In some cases, criminals will steal an individual's identity in order to get a passport, driver's license or access data when they are blocked from doing so with their own identity. It is possible that an identity thief may even steal another person's identity so that he can start a new life, perhaps due to a criminal past that online education yet to answer for. In these circumstances, you may not even incur any financial losses, but the experience can leave your reputation tattered. You may not even know that you have been "cloned" until you find out that your credit report has been damaged
Commercial Identity Theft
Businesses are not without risks; they can find themselves deep in problems having to do with identity theft. Landlords face potential difficulties if, for instance, a tenant poses as the owner and sells the landlord's furniture. Data or protected premises may be accessed by falsely using an authorized individual's identity. An identity thief may also pose as an distance learning to a business and make purchases, transactions or waive contracts, which could highly damage a company. In most cases, by the time the identity theft is discovered, the perpetrator has disappeared."
It is not uncommon to see articles omit this very important type of ID theft. Medical ID theft can hurt or kill you. Check out this recent article. The article states, "But as the push toward electronic medical records gains momentum, privacy experts worry those numbers may grow substantially. They're concerned that as doctors and hospitals switch from paper records to EMRs, as they're called, it may become easier for people to gain unauthorized access to sensitive patient information on a large scale."
This is scary. Here is another article that talks about the dangers of medical ID theft. Did you know that for $60, someone can buy your medical records and use it to obtain medical care? It's true as indicated here.
This is why credit monitoring alone is not enough. The credit monitoring companies do not monitor medical records. Nor do they monitor drivers license records and criminal records. This is why it is vital to subscribe to a service that provides total protection. A service that will do proactive searches in all databases to make sure that you are not a victim of non-financial identity theft.
The service that I'm talking about is our Identity Theft Shield. This service will protect you and your family against ID theft, and if you become a victim of this horrific crime, the experts at Kroll Background America will make sure that you are not a victim of any other type of ID theft.
Now, as any victim of ID theft will tell you, you need legal help when you are victimized by ID theft. With our Life Events Plan, you and your family will have access to a local law firm to help get you through the awful calls from creditors, banks, law enforcement, and others who believe that you are somebody that you're not. Believe me, it is no fun and can be extremely frustrating.
This is no joke. Medical identity theft is real and growing. Protect yourself and your family. Call us immediately for more information.
**********************************************
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P legal Support Services, LLC
(808) 645-0243 Direct
(800) 306-3063 Toll-Free
www.mplss.com
"Financial Identity Theft
The most common form of identity theft is financial. A person stealing your credit card details can get you into a huge amount of financial debt. High charges may incur on your telephone bill if the identity thief gains access to your telephone calling card or your account. The bolder the identity thief is, the more damages he can cause. An identity thief could take out loans in your name, receive a new credit card under your name, create a utility account, lease a car or even lease an apartment under your name. In severe cases of financial identity theft, you may find that the identity thief has even taken out a mortgage on your home and disappeared online video courses the money. On rare occasions, an identity thief has been known to put his victim's home on the market. Although the task is more difficult, sales have been made in real life.
Criminal Identity Theft
Some identity thieves who steal identities for the sole purpose of using it for plotting and carrying out criminal activities. Traffic violations are the most common type of criminal online video courses committed by identity thieves. It is possible that an identity thief may carry a false driver's license with your name on it and bearing his photograph.There is no way of knowing until you receive your first citation for not appearing to respond to a traffic violation charge. Another criminal activity that an identity thief might engage in is using your license plate when they fuel up and drive off gas service stations without paying. Because it's your plate distance learning that shows on security cameras, you end up as the likely suspect. There can be even more serious criminal activities displayed where your identity is used to cover up crimes.
Cloning Identity Theft
In some cases, criminals will steal an individual's identity in order to get a passport, driver's license or access data when they are blocked from doing so with their own identity. It is possible that an identity thief may even steal another person's identity so that he can start a new life, perhaps due to a criminal past that online education yet to answer for. In these circumstances, you may not even incur any financial losses, but the experience can leave your reputation tattered. You may not even know that you have been "cloned" until you find out that your credit report has been damaged
Commercial Identity Theft
Businesses are not without risks; they can find themselves deep in problems having to do with identity theft. Landlords face potential difficulties if, for instance, a tenant poses as the owner and sells the landlord's furniture. Data or protected premises may be accessed by falsely using an authorized individual's identity. An identity thief may also pose as an distance learning to a business and make purchases, transactions or waive contracts, which could highly damage a company. In most cases, by the time the identity theft is discovered, the perpetrator has disappeared."
It is not uncommon to see articles omit this very important type of ID theft. Medical ID theft can hurt or kill you. Check out this recent article. The article states, "But as the push toward electronic medical records gains momentum, privacy experts worry those numbers may grow substantially. They're concerned that as doctors and hospitals switch from paper records to EMRs, as they're called, it may become easier for people to gain unauthorized access to sensitive patient information on a large scale."
This is scary. Here is another article that talks about the dangers of medical ID theft. Did you know that for $60, someone can buy your medical records and use it to obtain medical care? It's true as indicated here.
This is why credit monitoring alone is not enough. The credit monitoring companies do not monitor medical records. Nor do they monitor drivers license records and criminal records. This is why it is vital to subscribe to a service that provides total protection. A service that will do proactive searches in all databases to make sure that you are not a victim of non-financial identity theft.
The service that I'm talking about is our Identity Theft Shield. This service will protect you and your family against ID theft, and if you become a victim of this horrific crime, the experts at Kroll Background America will make sure that you are not a victim of any other type of ID theft.
Now, as any victim of ID theft will tell you, you need legal help when you are victimized by ID theft. With our Life Events Plan, you and your family will have access to a local law firm to help get you through the awful calls from creditors, banks, law enforcement, and others who believe that you are somebody that you're not. Believe me, it is no fun and can be extremely frustrating.
This is no joke. Medical identity theft is real and growing. Protect yourself and your family. Call us immediately for more information.
**********************************************
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P legal Support Services, LLC
(808) 645-0243 Direct
(800) 306-3063 Toll-Free
www.mplss.com
Saturday, December 20, 2008
Preventing Identity Theft
Scott Cole/Cole Financial Planning
Published: December 19, 2008
One of the questions that I get asked surprisingly often concerns identity theft. It is a symptom of our times. Cyber thiefs are becoming more and more prevalent and sophisticated. An entire industry has cropped up and exploits our fear for their own economic gain. People are obviously wondering how to maneuver in this new world without being the victim of an identity crime. There is a real threat, but there are also some simple and common sense ways to protect yourself and your identity.
• Practice safe computing- For most of us these days, there is just no way around using a computer. E-mail is a staple in business life and now days it is almost a need to get plugged in, not just a luxury. That said there are some basic things you should do to protect you while computing. First, you need to have three programs on all your computers. Anti-virus, Firewall and anti-spyware. All of these are essentials in today’s environment. Make sure that you software stays up to date. Second, avoid responding to sites by clicking on links in an e-mail. It is almost always better to type the URL address. Also remember that reputable businesses will never ask for your social security information via the internet. Finally, remember that if you use social networking sites, it is not required that you give out every personal detail. The more information available, the easier it is for a thief to put together enough of the puzzle to impersonate you.
• Be prudent at home and travel lightly- A small investment in a home shredder is a wise for anyone. You should destroy all documents that contain, bank account information, credit card numbers or your social security number. Don’t forget those checks that credit card companies like to include in your bill. Don’t leave mail in your mailbox and make sure bills arrive on time and when they do arrive reviews them thoroughly for any suspicious activity. Report questionable charges immediately. When you are on the go, there is no need to carry every card that you own. Limit your cards to one or two and unless you know that you will specifically have to have it, never carry your Social Security card.
• Be your own credit monitor- There are plenty of services out there that will monitor your credit report for a handsome fee, but no one can do it better than yourself. You can get a copy of your credit report from each of the credit bureaus for free once a year at http://www.annualcreditreport.com . You can get them all at once or you could stagger them and create a more robust self monitoring system by getting one every four months. Often times, your identity may be stolen but not compromised for many years, so reviewing your credit frequently is a great habit to form. If you think there is something suspicious going on, you can place a fraud alert on the account. This forces lenders to take extra steps to verify your identity. If you still don’t feel safe, for a small fee, you could request a credit freeze. This prohibits potential lenders from accessing your credit without your authorization. If you choose this route, you need to request the freeze at each of the bureaus.
Identity theft is a reality of today’s world. While it doesn’t threaten you financially, in most cases, the time to clean up a violated credit can be substantial. However, some common sense and a little diligence will make the identity crooks lives a little harder and give you a peace of mind.
It’s everywhere these days it seems. If you read the paper, watch the news, peruse the internet, you finding warnings about identity theft. It is not all fluff either. A while back, I was working in my office, when my phone rang. It was my credit card company asking me if I was purchasing a thousand dollars of scuba equipment. I wasn’t and the charge was refused, but the call was sobering to say the least.Paranoia, however, does not have to be the end result of a sobering phone call. The booming security industry has recognized the profitable niche of so-called “identity theft protection.” There is no shortage of companies, including your credit card companies themselves that have discovered that people will pay money because they have been scared senseless by media reports. I started thinking about this after I received the fourth or fifth offer from my credit card company to monitor my credit for me. It wasn’t an outrageous fee, less than ten dollars a month, but why should I pay the credit card company to monitor something that hurts them more than it hurts me? After all, I am not responsible for fraudulent charges to my credit card company. Sure it would be a hassle to straighten out, but the industry realizes the truth of the old adage that “little and often fill the pot.” If they can get enough people to drop an extra ten dollars to them a month, it adds up to quite a profitable business venture for them, and it becomes just another financial leak in the consumer’s personal finances.
While identity theft insurance or protection services are not all that they are presented to be, there are some sensible things that each of us should do in this data-filled world. As with most things in life, protecting your identity requires some good old common sense and a little bit a diligence. First of all, watch what you share. While I personally believe that we are too private about money in general, that doesn’t mean we shouldn’t have some safeguards. For instance, there is no reason for you to carry your social security card. Put it in a locked firebox at home or keep it at a safety deposit box at your financial institution. Never give it out except for tax, employment or credit purposes. Shred financial documents that are not longer needed, and never reply to e-mails asking for such information, even if they look official.
Secondly, monitor you situation yourself. Federal law allows you to access your credit report once a year for free from the three big credit reporting bureaus. You can choose to get them all at once or one every four months, or any other interval you choose. You can request a copy at www.annualcreditreport.com. This is a good way to make sure that your report is accurate. You can report any discrepancies you find. One caveat, beware of other similarly named websites. You should also review your bank, credit card, and brokerage statements at least weekly and definitely look over the monthly statements to make sure it is correct and nothing nefarious is happening.
Third, if you are like me, you get tired of the parade of offers that come through the mail. I get “pre-approved” offers all the time, even though I have never sought them. I just don’t like all those offers sitting around in my mailbox. The simple solution is to opt out of the offers. You can visit http://www.optoutprescreen.com to take care of this. I’ll also be happy to e-mail you a copy of the federal trade commission’s brochure about consumer protection and opt out procedures if you are interested.
The truth of the matter is there is no full proof way of protecting you identity. The use of firewalls on your computer, destroying documents, monitoring the situation can all help, but nothing is 100%. My advice is to be diligent, use some common sense, and don’t become a victim of scare tactics from those who claim they can do a better job of protecting you than you can yourself. It is your identity after all and no one knows you (or how to protect you) than you do yourself. Heck, I may save the money my credit card company wanted me to pay and buy some real scuba equipment someday.
Published: December 19, 2008
One of the questions that I get asked surprisingly often concerns identity theft. It is a symptom of our times. Cyber thiefs are becoming more and more prevalent and sophisticated. An entire industry has cropped up and exploits our fear for their own economic gain. People are obviously wondering how to maneuver in this new world without being the victim of an identity crime. There is a real threat, but there are also some simple and common sense ways to protect yourself and your identity.
• Practice safe computing- For most of us these days, there is just no way around using a computer. E-mail is a staple in business life and now days it is almost a need to get plugged in, not just a luxury. That said there are some basic things you should do to protect you while computing. First, you need to have three programs on all your computers. Anti-virus, Firewall and anti-spyware. All of these are essentials in today’s environment. Make sure that you software stays up to date. Second, avoid responding to sites by clicking on links in an e-mail. It is almost always better to type the URL address. Also remember that reputable businesses will never ask for your social security information via the internet. Finally, remember that if you use social networking sites, it is not required that you give out every personal detail. The more information available, the easier it is for a thief to put together enough of the puzzle to impersonate you.
• Be prudent at home and travel lightly- A small investment in a home shredder is a wise for anyone. You should destroy all documents that contain, bank account information, credit card numbers or your social security number. Don’t forget those checks that credit card companies like to include in your bill. Don’t leave mail in your mailbox and make sure bills arrive on time and when they do arrive reviews them thoroughly for any suspicious activity. Report questionable charges immediately. When you are on the go, there is no need to carry every card that you own. Limit your cards to one or two and unless you know that you will specifically have to have it, never carry your Social Security card.
• Be your own credit monitor- There are plenty of services out there that will monitor your credit report for a handsome fee, but no one can do it better than yourself. You can get a copy of your credit report from each of the credit bureaus for free once a year at http://www.annualcreditreport.com . You can get them all at once or you could stagger them and create a more robust self monitoring system by getting one every four months. Often times, your identity may be stolen but not compromised for many years, so reviewing your credit frequently is a great habit to form. If you think there is something suspicious going on, you can place a fraud alert on the account. This forces lenders to take extra steps to verify your identity. If you still don’t feel safe, for a small fee, you could request a credit freeze. This prohibits potential lenders from accessing your credit without your authorization. If you choose this route, you need to request the freeze at each of the bureaus.
Identity theft is a reality of today’s world. While it doesn’t threaten you financially, in most cases, the time to clean up a violated credit can be substantial. However, some common sense and a little diligence will make the identity crooks lives a little harder and give you a peace of mind.
It’s everywhere these days it seems. If you read the paper, watch the news, peruse the internet, you finding warnings about identity theft. It is not all fluff either. A while back, I was working in my office, when my phone rang. It was my credit card company asking me if I was purchasing a thousand dollars of scuba equipment. I wasn’t and the charge was refused, but the call was sobering to say the least.Paranoia, however, does not have to be the end result of a sobering phone call. The booming security industry has recognized the profitable niche of so-called “identity theft protection.” There is no shortage of companies, including your credit card companies themselves that have discovered that people will pay money because they have been scared senseless by media reports. I started thinking about this after I received the fourth or fifth offer from my credit card company to monitor my credit for me. It wasn’t an outrageous fee, less than ten dollars a month, but why should I pay the credit card company to monitor something that hurts them more than it hurts me? After all, I am not responsible for fraudulent charges to my credit card company. Sure it would be a hassle to straighten out, but the industry realizes the truth of the old adage that “little and often fill the pot.” If they can get enough people to drop an extra ten dollars to them a month, it adds up to quite a profitable business venture for them, and it becomes just another financial leak in the consumer’s personal finances.
While identity theft insurance or protection services are not all that they are presented to be, there are some sensible things that each of us should do in this data-filled world. As with most things in life, protecting your identity requires some good old common sense and a little bit a diligence. First of all, watch what you share. While I personally believe that we are too private about money in general, that doesn’t mean we shouldn’t have some safeguards. For instance, there is no reason for you to carry your social security card. Put it in a locked firebox at home or keep it at a safety deposit box at your financial institution. Never give it out except for tax, employment or credit purposes. Shred financial documents that are not longer needed, and never reply to e-mails asking for such information, even if they look official.
Secondly, monitor you situation yourself. Federal law allows you to access your credit report once a year for free from the three big credit reporting bureaus. You can choose to get them all at once or one every four months, or any other interval you choose. You can request a copy at www.annualcreditreport.com. This is a good way to make sure that your report is accurate. You can report any discrepancies you find. One caveat, beware of other similarly named websites. You should also review your bank, credit card, and brokerage statements at least weekly and definitely look over the monthly statements to make sure it is correct and nothing nefarious is happening.
Third, if you are like me, you get tired of the parade of offers that come through the mail. I get “pre-approved” offers all the time, even though I have never sought them. I just don’t like all those offers sitting around in my mailbox. The simple solution is to opt out of the offers. You can visit http://www.optoutprescreen.com to take care of this. I’ll also be happy to e-mail you a copy of the federal trade commission’s brochure about consumer protection and opt out procedures if you are interested.
The truth of the matter is there is no full proof way of protecting you identity. The use of firewalls on your computer, destroying documents, monitoring the situation can all help, but nothing is 100%. My advice is to be diligent, use some common sense, and don’t become a victim of scare tactics from those who claim they can do a better job of protecting you than you can yourself. It is your identity after all and no one knows you (or how to protect you) than you do yourself. Heck, I may save the money my credit card company wanted me to pay and buy some real scuba equipment someday.
Friday, December 19, 2008
Some Interesting Facts About ID Theft
Below are just a few recent facts and statistics about credit fraud and identity theft.
"More than 27 million Americans have been victims of identity theft in the last five years.... To deal with the problem, consumers reported nearly $5 billion in out-of-pocket expenses."-The New York Times
"Stealing someone's identity to acquire -- and use -- new credit cards has become one of the most popular white-collar crimes today, according to fraud investigators from across the country."-Knight Ridder/Tribune Business News
"This year alone more than 500,000 Americans will be robbed of their identities...with more than $4 billion stolen in their names."-CBSnews.com
"In one notorious case of identity theft, the US Department of Justice reported that the criminal incurred over $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and hand guns in the victim's name all the while calling his victim to taunt him."-US Department of Justice Web site
"The number of identity thefts in the U.S. has skyrocketed during the past 15 months."-CNN.com
"According to a convicted ID thief in Denver, CO, "On a good day I could make $5,000 in cash and another $7,000 to $8,000 in merchandise..."-CBSnews.com
"A recent report on identity theft warned that there is likely to be "mass victimization" of consumers within the next two years. The report said consumers should be extra careful to monitor all their financial transactions for unexplained account activity, withdrawals, or fund transfers."-The Gartner Group, a technology research group
"Every 79 seconds, a thief steals someone's identity, opens accounts in the victim's name and goes on a buying spree."-CBSnews.com
"Experts report that a victim can spend anywhere from six months to two years recovering from identity theft."-CNNfn.com
"Most people don't find out they have been a victim of a stolen identity until they are turned down for a loan or credit card. A copy of their credit report explaining the denial may unveil weeks or months of fraud."-CNNfn.com
"More than 27 million Americans have been victims of identity theft in the last five years.... To deal with the problem, consumers reported nearly $5 billion in out-of-pocket expenses."-The New York Times
"Stealing someone's identity to acquire -- and use -- new credit cards has become one of the most popular white-collar crimes today, according to fraud investigators from across the country."-Knight Ridder/Tribune Business News
"This year alone more than 500,000 Americans will be robbed of their identities...with more than $4 billion stolen in their names."-CBSnews.com
"In one notorious case of identity theft, the US Department of Justice reported that the criminal incurred over $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and hand guns in the victim's name all the while calling his victim to taunt him."-US Department of Justice Web site
"The number of identity thefts in the U.S. has skyrocketed during the past 15 months."-CNN.com
"According to a convicted ID thief in Denver, CO, "On a good day I could make $5,000 in cash and another $7,000 to $8,000 in merchandise..."-CBSnews.com
"A recent report on identity theft warned that there is likely to be "mass victimization" of consumers within the next two years. The report said consumers should be extra careful to monitor all their financial transactions for unexplained account activity, withdrawals, or fund transfers."-The Gartner Group, a technology research group
"Every 79 seconds, a thief steals someone's identity, opens accounts in the victim's name and goes on a buying spree."-CBSnews.com
"Experts report that a victim can spend anywhere from six months to two years recovering from identity theft."-CNNfn.com
"Most people don't find out they have been a victim of a stolen identity until they are turned down for a loan or credit card. A copy of their credit report explaining the denial may unveil weeks or months of fraud."-CNNfn.com
Thursday, December 18, 2008
U.S. Recommends Changes to Cut Identity Theft
WASHINGTON (Reuters) - Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity theft.
An estimated 9 million Americans have their identity stolen every year, according to the Federal Trade Commission, which urged businesses, schools and other private entities to find better ways to authenticate identities, which already have.
"Requiring all private sector entities that maintain consumer accounts to establish appropriate, risk-based consumer authentication programs could reduce the misuse of consumer data and the prevalence of identity theft," the agency said in its report.
The commission also asked businesses that still use social security numbers to be more discreet.
"Some organizations continue to display SSNs on account statements, paychecks, applications or other documents that are sent through the mail, which puts consumers at risk for identity theft if their mail is stolen," the agency said in its report.
In other recommendations, the commission asked Congress to look at enacting standards for notifying the public in the case of data breaches and called for efforts to educate businesses and consumers on how best to safeguard social security numbers.
******************************
Our Affirmative Defense Response System (ADRS) provides your company a plan of action, including a privacy policy and employee training, at no direct cost to you. For more information on our ADRS program, call us at (800) 306-3063 or email us at mrapozo@hawaiilink.net. Happy holidays!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
An estimated 9 million Americans have their identity stolen every year, according to the Federal Trade Commission, which urged businesses, schools and other private entities to find better ways to authenticate identities, which already have.
"Requiring all private sector entities that maintain consumer accounts to establish appropriate, risk-based consumer authentication programs could reduce the misuse of consumer data and the prevalence of identity theft," the agency said in its report.
The commission also asked businesses that still use social security numbers to be more discreet.
"Some organizations continue to display SSNs on account statements, paychecks, applications or other documents that are sent through the mail, which puts consumers at risk for identity theft if their mail is stolen," the agency said in its report.
In other recommendations, the commission asked Congress to look at enacting standards for notifying the public in the case of data breaches and called for efforts to educate businesses and consumers on how best to safeguard social security numbers.
******************************
Our Affirmative Defense Response System (ADRS) provides your company a plan of action, including a privacy policy and employee training, at no direct cost to you. For more information on our ADRS program, call us at (800) 306-3063 or email us at mrapozo@hawaiilink.net. Happy holidays!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
Wednesday, December 17, 2008
ITRC's Identity Theft Predictions for 2009
SOURCE: ITRC
Linda Foley, 858-693-7935 x101
Media Coordinator
SAN DIEGO, Dec 16, 2008 (BUSINESS WIRE) -- Every year the Identity Theft Resource Center (ITRC) shares its thoughts for the upcoming year. The following items are ITRC's predictions for 2009:
Real Estate-based scams: There are multiple scams that attack the equity in a home or which may be used to establish a whole new home loan. Home Equity or Mortgage Frauds can be found on the Internet, local advertising and even via word of mouth. Some real estate scams include refinancing current loans, adding in unforecasted payments or property to increase the cost of the loan. Your home, while fully paid for, could even be entangled in a second mortgage without your knowledge. Due to the unfortunate turn in the real estate market, some home owners find themselves strapped and falling behind. Opportunistic scam artists might propose relief through a bogus land grant process. The best strategy for a home owner is to talk with your bank or mortgage company before engaging an unknown company.
Credit Card scams: With the current economy, credit will be tight. Thieves may advertise the ability to get credit cards despite a poor credit score or the lack of a Social Security number. There will continue to be more scams that offer to consolidate your credit card debt or to renegotiate your interest rates.
Other scams: Job scams are on the rise as people seek second sources of income. An example would be an offer to act as an account's receivable clerk for a company outside the U.S. - opening an account, receiving checks, depositing them in the bank and then wiring them to the company. Consumers have also been receiving more "phishing" scam emails due to the merging of financial institutions and stores. These emails ask you to confirm your personal identifying information. Finally, a variety of emails reporting to be from the IRS have been circulating, including tax refund offers, audit information demands and verification of citizenship status. Don't open attachments or go to another website due to cybercrime.
Professional thieves and targeted attacks: Along with law enforcement and the financial institutions, the ITRC is anticipating an increase in more sophisticated ways to "mine" information, sometimes by organized crime groups. Cybercrime, which includes transporting or selling large amounts of personal information from one group both nationally and internationally, will continue and expand. Part of this trend includes "skimming" (duplicate scanning of credit cards or debit cards), and fake fronts on payment scanners and ATM machines. Peripheral crimes, which use identity theft for funding, will continue and increase. Cybercrime is also tied to malware attacks on individual computers of consumers.
Check Fraud: As it becomes more difficult to get new lines of credit, identity thieves may be drawn more to commit check fraud. These crimes may take the form of stolen checks, using checks thrown into the trash by unknowing consumers or even synthetic checks. Synthetic checks typically have something that links them to a consumer, usually in the name and address section of the check. The checks may be for a closed account, an account that never existed or with a bank the consumer never used.
Breaches: Some companies, public entities and other groups that collect personal identifying information are cutting IT security staff. This may be due to apathy or to budget cuts. Targeted attacks of entities may increase as thieves develop improved techniques for hacking and other forms of illegal data acquisition, especially if fewer security measures are in place.
Other Identity Theft Crimes: ITRC anticipates an increase in the fraudulent use of SSNs for work by people who can not use their own Social Security number or who don't have one. As law enforcement and the public realize that identity theft is not just a financial crime, the ITRC expects more calls from people regarding criminal and medical identity theft, and from those whose information is negatively impacted due to the actions of an identity thief. Finally, thieves are aware that the Social Security numbers of children, the deceased, the elderly and even critically ill patients are excellent opportunities for long term use of another's information.
Increase in for-profit consumer products: This market has both positive and negative sides. There are some products in the market that meet the expectations presented and others that don't. Consumers need to do their homework and understand that it is impossible at this time to completely protect a consumer from identity theft with the products currently available.
On the Positive Side: More collaborative efforts are being established to more deeply define the issues, isolate the problem areas and start policy statements on ways to deal with multi-faceted crimes. The Red Flag Compliance Laws (implementation July 2009) are a set of regulations set by the federal government which will help entities to audit their security programs, strengthen weak areas and set up written policies. However, it will be up to individual entities to enforce those policies.
The ITRC projects an increase in the training of law enforcement regarding identity theft, from local to federal levels. Federal law enforcement will be even more aggressive in their actions against international syndicates especially in cybercrimes and international job scam operations. The IRS has trained and expanded its IRS Taxpayer's Advocate program to now assist victims of identity theft. The Crime Victims' Rights Act finally includes white collar (including identity theft) crime victims.
Many states have made significant strides in stopping the use of the Social Security numbers as an identifier. We foresee the federal government addressing similar problems in the identification cards of military members and their dependents as well as those seniors using Medicare.
Conclusion: While there still are major problem areas, there are exciting new programs on the horizon. Additionally, we predict that there will continue to be an increase in the number of state and federal agencies and nonprofits that provide identity theft victim advisors at no charge or victims suffering losses and problems from this crime.
About the ITRC
The Identity Theft Resource Center(R) (ITRC) is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem. Visit www.idtheftcenter.org
ITRC Identity Theft (C) This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice.
Linda Foley, 858-693-7935 x101
Media Coordinator
SAN DIEGO, Dec 16, 2008 (BUSINESS WIRE) -- Every year the Identity Theft Resource Center (ITRC) shares its thoughts for the upcoming year. The following items are ITRC's predictions for 2009:
Real Estate-based scams: There are multiple scams that attack the equity in a home or which may be used to establish a whole new home loan. Home Equity or Mortgage Frauds can be found on the Internet, local advertising and even via word of mouth. Some real estate scams include refinancing current loans, adding in unforecasted payments or property to increase the cost of the loan. Your home, while fully paid for, could even be entangled in a second mortgage without your knowledge. Due to the unfortunate turn in the real estate market, some home owners find themselves strapped and falling behind. Opportunistic scam artists might propose relief through a bogus land grant process. The best strategy for a home owner is to talk with your bank or mortgage company before engaging an unknown company.
Credit Card scams: With the current economy, credit will be tight. Thieves may advertise the ability to get credit cards despite a poor credit score or the lack of a Social Security number. There will continue to be more scams that offer to consolidate your credit card debt or to renegotiate your interest rates.
Other scams: Job scams are on the rise as people seek second sources of income. An example would be an offer to act as an account's receivable clerk for a company outside the U.S. - opening an account, receiving checks, depositing them in the bank and then wiring them to the company. Consumers have also been receiving more "phishing" scam emails due to the merging of financial institutions and stores. These emails ask you to confirm your personal identifying information. Finally, a variety of emails reporting to be from the IRS have been circulating, including tax refund offers, audit information demands and verification of citizenship status. Don't open attachments or go to another website due to cybercrime.
Professional thieves and targeted attacks: Along with law enforcement and the financial institutions, the ITRC is anticipating an increase in more sophisticated ways to "mine" information, sometimes by organized crime groups. Cybercrime, which includes transporting or selling large amounts of personal information from one group both nationally and internationally, will continue and expand. Part of this trend includes "skimming" (duplicate scanning of credit cards or debit cards), and fake fronts on payment scanners and ATM machines. Peripheral crimes, which use identity theft for funding, will continue and increase. Cybercrime is also tied to malware attacks on individual computers of consumers.
Check Fraud: As it becomes more difficult to get new lines of credit, identity thieves may be drawn more to commit check fraud. These crimes may take the form of stolen checks, using checks thrown into the trash by unknowing consumers or even synthetic checks. Synthetic checks typically have something that links them to a consumer, usually in the name and address section of the check. The checks may be for a closed account, an account that never existed or with a bank the consumer never used.
Breaches: Some companies, public entities and other groups that collect personal identifying information are cutting IT security staff. This may be due to apathy or to budget cuts. Targeted attacks of entities may increase as thieves develop improved techniques for hacking and other forms of illegal data acquisition, especially if fewer security measures are in place.
Other Identity Theft Crimes: ITRC anticipates an increase in the fraudulent use of SSNs for work by people who can not use their own Social Security number or who don't have one. As law enforcement and the public realize that identity theft is not just a financial crime, the ITRC expects more calls from people regarding criminal and medical identity theft, and from those whose information is negatively impacted due to the actions of an identity thief. Finally, thieves are aware that the Social Security numbers of children, the deceased, the elderly and even critically ill patients are excellent opportunities for long term use of another's information.
Increase in for-profit consumer products: This market has both positive and negative sides. There are some products in the market that meet the expectations presented and others that don't. Consumers need to do their homework and understand that it is impossible at this time to completely protect a consumer from identity theft with the products currently available.
On the Positive Side: More collaborative efforts are being established to more deeply define the issues, isolate the problem areas and start policy statements on ways to deal with multi-faceted crimes. The Red Flag Compliance Laws (implementation July 2009) are a set of regulations set by the federal government which will help entities to audit their security programs, strengthen weak areas and set up written policies. However, it will be up to individual entities to enforce those policies.
The ITRC projects an increase in the training of law enforcement regarding identity theft, from local to federal levels. Federal law enforcement will be even more aggressive in their actions against international syndicates especially in cybercrimes and international job scam operations. The IRS has trained and expanded its IRS Taxpayer's Advocate program to now assist victims of identity theft. The Crime Victims' Rights Act finally includes white collar (including identity theft) crime victims.
Many states have made significant strides in stopping the use of the Social Security numbers as an identifier. We foresee the federal government addressing similar problems in the identification cards of military members and their dependents as well as those seniors using Medicare.
Conclusion: While there still are major problem areas, there are exciting new programs on the horizon. Additionally, we predict that there will continue to be an increase in the number of state and federal agencies and nonprofits that provide identity theft victim advisors at no charge or victims suffering losses and problems from this crime.
About the ITRC
The Identity Theft Resource Center(R) (ITRC) is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem. Visit www.idtheftcenter.org
ITRC Identity Theft (C) This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice.
Tuesday, December 16, 2008
Data Breaches: Ignorance Is Dangerous
By Pam Greenberg
State Legislatures 12/15/08 4:00 AM PT
A Countrywide mortgage employee working Sunday nights copied customer records from an office computer, then sold the personal information of an estimated 2 million mortgage applicants.
A group of hackers "wardriving" -- searching for unsecured wireless networks in parking lots and outside retail stores such as TJ Maxx, Marshalls, Boston Market and others -- managed to capture credit card numbers, passwords and account information for more than 40 million customers.
A laptop stolen from a National Institutes of Health researcher contained the information of about 2,500 participants in a medical research study, including names, birth dates, health data and diagnoses.
Unreported Information
Before 2004, consumers rarely heard about these kinds of thefts. But a landmark California law, which went largely unnoticed outside the state when it passed in 2002, set off a chain of events felt nationwide. California's Security Breach Notice Law requires businesses or state agencies that have a security breach to notify state residents if their personal information is lost or stolen.
Since the law took effect in mid-2003, hundreds of data breaches have been reported in the press, and more than 245 million records containing personal information have been exposed. Thousands of people have received letters warning them to monitor their records, and businesses and organizations have beefed up data security. One study put the cost of data breaches to the companies involved at $197 per record breached in 2007.
National Reach
In February 2005, ChoicePoint, a company that collects and compiles information about millions of consumers, discovered that it had inadvertently sold the personal information of almost 145,000 people to a con artist who claimed to be an executive with a Los Angeles company. ChoicePoint initially notified only California residents, who were covered by the state's notification law, even though the stolen data included information about residents in other states. Only after widespread media coverage, and after 38 state attorneys general had called for notification to victims in other states and territories, did the company notify everyone whose personal information had been compromised.
After ChoicePoint's security failure became widely known, lawmakers in other states moved quickly to make sure their citizens had the same kind of notice as California residents.
Twenty-two states enacted security breach laws in 2005, and others quickly followed in subsequent years.
In the five years since the California law has been in force, 43 states, the District of Columbia, Puerto Rico and the Virgin Islands have passed similar laws. But the laws have their critics, and researchers are beginning to take a careful look at their effectiveness.
Laws Create Change
"The law has worked surprisingly well," says State Sen. Joe Simitian, a sponsor of the California bill. "Millions of American consumers have known when their personal information had been disclosed and they were at risk."
With notice, a consumer can protect against theft by closing accounts, freezing credit reports -- effectively blocking the issuance of new credit without permission -- or issuing a fraud alert requiring creditors to check before extending any new credit.
The law also creates a powerful incentive on the part of government and business to improve data security. "You have a responsibility to handle this data with care, and if you come up short," Simitian says, "you'll suffer the damage to your reputation."
Companies have increased security practices in response to data breach laws, according to Chris Hoofhagle, director of Information Privacy Programs at the Berkeley Center for Law & Technology, who supervised a survey of chief security officers by the Samuelson Clinic. "Businesses are changing practices and policies, getting security on the accounting books, and integrating security into legal and marketing teams," he says.
Joanne McNabb, chief of California's Office of Privacy Protection, also sees businesses changing their practices. "One of the striking lessons we've learned is how much sensitive information is not safe on a server but is traveling on a laptop or flash drive. It's now becoming a common practice to encrypt these and to have policies that restrict or limit what kind of information can be carried on these devices."
McNabb points to another change that's happening in government and the private sector. "There's a real scouring of systems to remove Social Security numbers. Organizations are saying, why do we still collect this or why are we keeping this information so long?"
A 2008 review of breach incidents compiled by the Privacy Rights Clearinghouse found that about 75 percent of the publicly known breaches involved Social Security numbers. A report by McNabb's office highlights how, after one university's breach had exposed Social Security numbers and other information from 15 years prior, it changed its policies to shorten the time it retained information on certain applicants. In another example, a blood bank stopped collecting Social Security numbers altogether.
Critics Point to Limitations
Some researchers, however, are questioning the benefits of the laws. A Progress and Freedom Foundation analysis of security breach laws questions whether the costs of notification outweigh the benefits. The report's authors, Thomas M. Lenard and Paul H. Rubin, maintain that businesses already have strong incentives to spend money on data security, because many of the costs related to identity theft and fraud are borne directly by business. They also argue that the benefits of the notice to consumers are negligible since only a very small percentage of those who receive breach notices actually become victims of a fraud.
Fred Cate, a law professor and director of the Center for Applied Cybersecurity Research at Indiana University, agrees. "Research shows pretty clearly that there's very little identity theft that follows breached accounts. Security threats are all around us, but security breaches are like a little sideshow. I don't mean to suggest that they aren't a concern, but if you asked security experts to name the top 15 security risks, I doubt breaches would be on anyone's list."
Also, a little less than half of consumers fail to take action after being notified that their information has been lost or stolen. A 2005 survey of identity theft victims by the Federal Trade Commission found that 44 percent did nothing after receiving a notice about a breach of their information.
"Notices have become a substitute for real action," Cate says.
But Simitian considers notices valuable, giving consumers the opportunity to take steps if they choose. "What you don't know can hurt you. You and I may get the same notice letter, and you may close all your accounts and do everything possible to protect yourself. Someone else may do nothing. I'll take a middle position and monitor my accounts more carefully."
Simitian also thinks notices can be improved by providing standard information about what data were breached.
McNabb agrees. "If the breach involves use of credit card numbers, you know the fraud is likely to happen fairly soon, and you can close your account. But with a Social Security number, there are numerous types of fraud that can occur, it can happen anytime, and you can't change your Social Security number."
Effect on Identity Theft Unclear
According to the most recent figures from the Federal Trade Commission, 8.3 million Americans were victims of identity theft in 2005, and identity theft is the No. 1 source of consumer fraud complaints the agency receives. And given the hardship that identity theft can create for individuals, it's not surprising that some have looked to security breach laws as a solution.
But data breaches are not the only ways in which identity theft occurs. A lost or stolen wallet or thefts from mail or garbage also can lead to identity theft. In addition, information about such thefts is often based on anecdotal accounts or surveys of victims, who sometimes have no idea how their information was compromised.
"It's a fundamental problem that security breach laws have been hung on the hook of identity theft," says Hoofhagle. "Investigating the source of identity theft is extremely tricky."
A team of researchers at the Heinz School of Public Policy and Management at Carnegie Mellon has attempted to do so, however. The researchers compared identity theft rates, over time, in states with and without security breach laws, and concluded that data breach disclosure laws have "no statistically significant effect" in reducing identity theft.
The study also noted that, if a small percentage of identity thefts is attributable to data breaches, the effectiveness of data breach laws on these thefts is limited. The researchers acknowledged, however, a need for better data and further study. They also say security breach laws may have other benefits, such as reducing a victim's average losses and improving security practices.
Lessons Learned
What have we learned after five years?
"We've learned that the law works well, but that there are some improvements that would make a good law even better," says Simitian.
In addition to requiring a core set of information in notice letters, Simitian favors requiring businesses to notify a central state entity. New York, for example, requires notification of breaches to the attorney general's office.
"It gives law enforcement the information they need to assess the particular kinds of data lost or the means by which they are being breached."
State lawmakers also need this information, he says. "If we're to legislate effectively, we need to know the nature and extent of the problem."
Cate is skeptical that including a standard set of information in letters will make a difference, but he supports the idea of a central reporting requirement. A central repository would have all the benefits of notice, he says, "without scaring people about dangers when no real harm is there or if there's little they can do about it."
With central reporting, businesses could start making more rational investments in security, says Hoofhagle. "I think we'll find these laws sparked investment and innovation in security -- maybe even over-investment -- but we were in a posture of under-investment before."
As states continue to work on improving data breach laws, Congress also has been considering legislation. Some bills have made it out of committee, but none have had a floor vote.
Federal legislation is a mixed blessing," says Simitian. "If we end up with a weaker set of provisions that also preempts the more rigorous state laws, that's not going to benefit consumers."
Cate thinks Congress will act, and he's surprised it hasn't already. "It's probably because they found it a lot more complicated than they thought."
The way data are collected, used and transferred across states, it's likely many companies will opt to comply with the most stringent provisions in state laws, Cate says.
"One way or another, we'll have national preemption -- either from the state that adopts the toughest law or from Congress. But it's a classic case of states leading the way."
State Legislatures 12/15/08 4:00 AM PT
A Countrywide mortgage employee working Sunday nights copied customer records from an office computer, then sold the personal information of an estimated 2 million mortgage applicants.
A group of hackers "wardriving" -- searching for unsecured wireless networks in parking lots and outside retail stores such as TJ Maxx, Marshalls, Boston Market and others -- managed to capture credit card numbers, passwords and account information for more than 40 million customers.
A laptop stolen from a National Institutes of Health researcher contained the information of about 2,500 participants in a medical research study, including names, birth dates, health data and diagnoses.
Unreported Information
Before 2004, consumers rarely heard about these kinds of thefts. But a landmark California law, which went largely unnoticed outside the state when it passed in 2002, set off a chain of events felt nationwide. California's Security Breach Notice Law requires businesses or state agencies that have a security breach to notify state residents if their personal information is lost or stolen.
Since the law took effect in mid-2003, hundreds of data breaches have been reported in the press, and more than 245 million records containing personal information have been exposed. Thousands of people have received letters warning them to monitor their records, and businesses and organizations have beefed up data security. One study put the cost of data breaches to the companies involved at $197 per record breached in 2007.
National Reach
In February 2005, ChoicePoint, a company that collects and compiles information about millions of consumers, discovered that it had inadvertently sold the personal information of almost 145,000 people to a con artist who claimed to be an executive with a Los Angeles company. ChoicePoint initially notified only California residents, who were covered by the state's notification law, even though the stolen data included information about residents in other states. Only after widespread media coverage, and after 38 state attorneys general had called for notification to victims in other states and territories, did the company notify everyone whose personal information had been compromised.
After ChoicePoint's security failure became widely known, lawmakers in other states moved quickly to make sure their citizens had the same kind of notice as California residents.
Twenty-two states enacted security breach laws in 2005, and others quickly followed in subsequent years.
In the five years since the California law has been in force, 43 states, the District of Columbia, Puerto Rico and the Virgin Islands have passed similar laws. But the laws have their critics, and researchers are beginning to take a careful look at their effectiveness.
Laws Create Change
"The law has worked surprisingly well," says State Sen. Joe Simitian, a sponsor of the California bill. "Millions of American consumers have known when their personal information had been disclosed and they were at risk."
With notice, a consumer can protect against theft by closing accounts, freezing credit reports -- effectively blocking the issuance of new credit without permission -- or issuing a fraud alert requiring creditors to check before extending any new credit.
The law also creates a powerful incentive on the part of government and business to improve data security. "You have a responsibility to handle this data with care, and if you come up short," Simitian says, "you'll suffer the damage to your reputation."
Companies have increased security practices in response to data breach laws, according to Chris Hoofhagle, director of Information Privacy Programs at the Berkeley Center for Law & Technology, who supervised a survey of chief security officers by the Samuelson Clinic. "Businesses are changing practices and policies, getting security on the accounting books, and integrating security into legal and marketing teams," he says.
Joanne McNabb, chief of California's Office of Privacy Protection, also sees businesses changing their practices. "One of the striking lessons we've learned is how much sensitive information is not safe on a server but is traveling on a laptop or flash drive. It's now becoming a common practice to encrypt these and to have policies that restrict or limit what kind of information can be carried on these devices."
McNabb points to another change that's happening in government and the private sector. "There's a real scouring of systems to remove Social Security numbers. Organizations are saying, why do we still collect this or why are we keeping this information so long?"
A 2008 review of breach incidents compiled by the Privacy Rights Clearinghouse found that about 75 percent of the publicly known breaches involved Social Security numbers. A report by McNabb's office highlights how, after one university's breach had exposed Social Security numbers and other information from 15 years prior, it changed its policies to shorten the time it retained information on certain applicants. In another example, a blood bank stopped collecting Social Security numbers altogether.
Critics Point to Limitations
Some researchers, however, are questioning the benefits of the laws. A Progress and Freedom Foundation analysis of security breach laws questions whether the costs of notification outweigh the benefits. The report's authors, Thomas M. Lenard and Paul H. Rubin, maintain that businesses already have strong incentives to spend money on data security, because many of the costs related to identity theft and fraud are borne directly by business. They also argue that the benefits of the notice to consumers are negligible since only a very small percentage of those who receive breach notices actually become victims of a fraud.
Fred Cate, a law professor and director of the Center for Applied Cybersecurity Research at Indiana University, agrees. "Research shows pretty clearly that there's very little identity theft that follows breached accounts. Security threats are all around us, but security breaches are like a little sideshow. I don't mean to suggest that they aren't a concern, but if you asked security experts to name the top 15 security risks, I doubt breaches would be on anyone's list."
Also, a little less than half of consumers fail to take action after being notified that their information has been lost or stolen. A 2005 survey of identity theft victims by the Federal Trade Commission found that 44 percent did nothing after receiving a notice about a breach of their information.
"Notices have become a substitute for real action," Cate says.
But Simitian considers notices valuable, giving consumers the opportunity to take steps if they choose. "What you don't know can hurt you. You and I may get the same notice letter, and you may close all your accounts and do everything possible to protect yourself. Someone else may do nothing. I'll take a middle position and monitor my accounts more carefully."
Simitian also thinks notices can be improved by providing standard information about what data were breached.
McNabb agrees. "If the breach involves use of credit card numbers, you know the fraud is likely to happen fairly soon, and you can close your account. But with a Social Security number, there are numerous types of fraud that can occur, it can happen anytime, and you can't change your Social Security number."
Effect on Identity Theft Unclear
According to the most recent figures from the Federal Trade Commission, 8.3 million Americans were victims of identity theft in 2005, and identity theft is the No. 1 source of consumer fraud complaints the agency receives. And given the hardship that identity theft can create for individuals, it's not surprising that some have looked to security breach laws as a solution.
But data breaches are not the only ways in which identity theft occurs. A lost or stolen wallet or thefts from mail or garbage also can lead to identity theft. In addition, information about such thefts is often based on anecdotal accounts or surveys of victims, who sometimes have no idea how their information was compromised.
"It's a fundamental problem that security breach laws have been hung on the hook of identity theft," says Hoofhagle. "Investigating the source of identity theft is extremely tricky."
A team of researchers at the Heinz School of Public Policy and Management at Carnegie Mellon has attempted to do so, however. The researchers compared identity theft rates, over time, in states with and without security breach laws, and concluded that data breach disclosure laws have "no statistically significant effect" in reducing identity theft.
The study also noted that, if a small percentage of identity thefts is attributable to data breaches, the effectiveness of data breach laws on these thefts is limited. The researchers acknowledged, however, a need for better data and further study. They also say security breach laws may have other benefits, such as reducing a victim's average losses and improving security practices.
Lessons Learned
What have we learned after five years?
"We've learned that the law works well, but that there are some improvements that would make a good law even better," says Simitian.
In addition to requiring a core set of information in notice letters, Simitian favors requiring businesses to notify a central state entity. New York, for example, requires notification of breaches to the attorney general's office.
"It gives law enforcement the information they need to assess the particular kinds of data lost or the means by which they are being breached."
State lawmakers also need this information, he says. "If we're to legislate effectively, we need to know the nature and extent of the problem."
Cate is skeptical that including a standard set of information in letters will make a difference, but he supports the idea of a central reporting requirement. A central repository would have all the benefits of notice, he says, "without scaring people about dangers when no real harm is there or if there's little they can do about it."
With central reporting, businesses could start making more rational investments in security, says Hoofhagle. "I think we'll find these laws sparked investment and innovation in security -- maybe even over-investment -- but we were in a posture of under-investment before."
As states continue to work on improving data breach laws, Congress also has been considering legislation. Some bills have made it out of committee, but none have had a floor vote.
Federal legislation is a mixed blessing," says Simitian. "If we end up with a weaker set of provisions that also preempts the more rigorous state laws, that's not going to benefit consumers."
Cate thinks Congress will act, and he's surprised it hasn't already. "It's probably because they found it a lot more complicated than they thought."
The way data are collected, used and transferred across states, it's likely many companies will opt to comply with the most stringent provisions in state laws, Cate says.
"One way or another, we'll have national preemption -- either from the state that adopts the toughest law or from Congress. But it's a classic case of states leading the way."
Monday, December 15, 2008
State and Local Governments Tackle Security Projects
By Ellen Messmer , Network World , 12/15/2008
State and local governments around the country are worrying as much as any business enterprise about protecting the sensitive data they hold, based on a look at security projects in places such as Arizona, Indiana and Florida.
Arizona's government last year decided to create state-level positions for both CISO and chief privacy officer (CPO), after the Federal Trade Commission ranked Arizona first among all states in identity theft, though the exact reason wasn't cited by the FTC. After the state passed legislation for more oversight, David VanderNaalt, named CISO, began working with Mary Beth Joublanc, the state's CPO, in the newly created Statewide Information Security & Privacy Office at the Statewide Information Technology Agency.
"This is an oversight agency," says VanderNaalt, formerly CISO for the City of New York for eight years and a witness to the Sept. 11 attacks.
VanderNaalt and Joublanc report directly to Arizona's governor, among others, about whether dozens of state agencies are complying with state legislation requiring agencies to report security incidents.
"In my role I see we have 100 different business models," VanderNaalt says about Arizona's dozens of agencies and their departmental activities. While many agencies collect data about security incidents, there needs to be a centralized way to automate collection from technical sources in addition to manual reports, he says.
Just last month, for example, to comply with state law, Arizona's Department of Economic Security had to notify the families of about 40,000 children that their personal data may have been compromised following the theft of hard drives from a facility where they were stored.
VanderNaalt says one approach he's testing to report and track incidents statewide is a tool from Agiliance called RiskVision at the agencies, though he adds when it comes to identity theft, the private sector is likely to be at least as big a source of the problem.
But the purpose of the statewide office on security and privacy is to tackle wider concerns, too, including major online attacks, in order to respond with as complete a picture as Arizona's government can muster.
To do that, VanderNaalt knows he needs the trust from Arizona's employees.
"We're trying to position ourselves that reporting is a good thing, and you will get help," VanderNaalt says. The state oversight agency will also be conducting assessments of agency practices and technologies with an eye toward identifying statewide approaches to safeguarding security and privacy of data.
Securing Indiana
Indiana has already adopted a centralized approach in IT and security and it appears to be working well, according to Paul Baltzell, director of distributed services. His department is responsible for desktops used across the agencies.
Four years ago, Gov. Mitch Daniels, annoyed that even the state's e-mail systems weren't fully connected (although its state WAN was), made the decision that there should be a state-level CIO office defining infrastructure requirements, including security policies.
Indiana's IT centralization effort has had some pushback Baltzell acknowledges, noting that it resulted in about a 40% staff reduction in some IT function areas.
But by centralizing, the state government now benefits from volume discounts in IT acquisitions, including in security procurements, Baltzell says.
As part of a recent state-level acquisition of McAfee antivirus, intrusion-prevention and other security gear, Indiana also licensed McAfee's Endpoint Encryption software (based on McAfee's acquisition of SafeBoot) which it's deploying on about 10,000 laptops and other mobile devices.
"One bad security breach and you've lost all credibility," Baltzell says, adding that trying to achieve this wide a rollout of desktop encryption would have been much more difficult without a centralized statewide mandate.
Baltzell also says he's enjoying success with Intel's vPro, now used inside 6,000 of Indiana's state-agency desktops, for remote management of them "even if it's blue-screened," Baltzell says.
"We have offices all over the state, and my techs have to get in the car if they can't fix something remotely," Baltzell says. Intel's vPro has greatly simplified remote management for Indiana employees and Baltzell hopes security vendors will work with Intel to explore some of the potential it offers in malware defense.
Security at the local level
Local city governments also take on ambitious security projects and find it can be a substantial effort to put in place centrally mandated IT governance policies just for city agencies.
"A key one we had is software installation and computer-use policy spelling out the rules of engagement," says Nelson Martinez, systems support manager for the City of Miami Beach municipal government in Florida, which has about 2,000 employees using computers.
Establishing a citywide computer-use policy entailed meeting individually not only with city agencies themselves but also with five unions and their lawyers, including the police and fire unions, to discuss the policy and how violations would be handled."It all went faster than I thought it would," says Martinez says, noting each group voiced issues about how reprimands or punishments might be applied. In the end, it was made clear that while the IT department might be providing information about blatant violations of IT policy — for instance, "no chat, no instant messaging, no adding in unofficial software except with permission" — it's up to high-level city management to handle the repercussions, he says.
For endpoint enforcement on almost 2,000 employee computers, the city is using eEye Digital's Blink, which prevents malware from executing as well as blocks unauthorized applications. "I'm trying to keep them out of trouble," Martinez says. "People are always trying to test the boundaries."
Martinez says one of the most ambitious projects the city is undertaking now is single-sign on authentication using fingerprint biometrics for authentication in order to attain a higher security level than simple passwords.
The project makes use of Imprivata's single sign-on appliance, Microsoft Active Directory and UPEK scanners, and is starting with 150 city personnel, including the city's directors and those in law enforcement and emergency response.
Biometrics is important "because it all comes back to security," Martinez says. "You can use complex passwords, but you will have people writing sticky notes."
State and local governments around the country are worrying as much as any business enterprise about protecting the sensitive data they hold, based on a look at security projects in places such as Arizona, Indiana and Florida.
Arizona's government last year decided to create state-level positions for both CISO and chief privacy officer (CPO), after the Federal Trade Commission ranked Arizona first among all states in identity theft, though the exact reason wasn't cited by the FTC. After the state passed legislation for more oversight, David VanderNaalt, named CISO, began working with Mary Beth Joublanc, the state's CPO, in the newly created Statewide Information Security & Privacy Office at the Statewide Information Technology Agency.
"This is an oversight agency," says VanderNaalt, formerly CISO for the City of New York for eight years and a witness to the Sept. 11 attacks.
VanderNaalt and Joublanc report directly to Arizona's governor, among others, about whether dozens of state agencies are complying with state legislation requiring agencies to report security incidents.
"In my role I see we have 100 different business models," VanderNaalt says about Arizona's dozens of agencies and their departmental activities. While many agencies collect data about security incidents, there needs to be a centralized way to automate collection from technical sources in addition to manual reports, he says.
Just last month, for example, to comply with state law, Arizona's Department of Economic Security had to notify the families of about 40,000 children that their personal data may have been compromised following the theft of hard drives from a facility where they were stored.
VanderNaalt says one approach he's testing to report and track incidents statewide is a tool from Agiliance called RiskVision at the agencies, though he adds when it comes to identity theft, the private sector is likely to be at least as big a source of the problem.
But the purpose of the statewide office on security and privacy is to tackle wider concerns, too, including major online attacks, in order to respond with as complete a picture as Arizona's government can muster.
To do that, VanderNaalt knows he needs the trust from Arizona's employees.
"We're trying to position ourselves that reporting is a good thing, and you will get help," VanderNaalt says. The state oversight agency will also be conducting assessments of agency practices and technologies with an eye toward identifying statewide approaches to safeguarding security and privacy of data.
Securing Indiana
Indiana has already adopted a centralized approach in IT and security and it appears to be working well, according to Paul Baltzell, director of distributed services. His department is responsible for desktops used across the agencies.
Four years ago, Gov. Mitch Daniels, annoyed that even the state's e-mail systems weren't fully connected (although its state WAN was), made the decision that there should be a state-level CIO office defining infrastructure requirements, including security policies.
Indiana's IT centralization effort has had some pushback Baltzell acknowledges, noting that it resulted in about a 40% staff reduction in some IT function areas.
But by centralizing, the state government now benefits from volume discounts in IT acquisitions, including in security procurements, Baltzell says.
As part of a recent state-level acquisition of McAfee antivirus, intrusion-prevention and other security gear, Indiana also licensed McAfee's Endpoint Encryption software (based on McAfee's acquisition of SafeBoot) which it's deploying on about 10,000 laptops and other mobile devices.
"One bad security breach and you've lost all credibility," Baltzell says, adding that trying to achieve this wide a rollout of desktop encryption would have been much more difficult without a centralized statewide mandate.
Baltzell also says he's enjoying success with Intel's vPro, now used inside 6,000 of Indiana's state-agency desktops, for remote management of them "even if it's blue-screened," Baltzell says.
"We have offices all over the state, and my techs have to get in the car if they can't fix something remotely," Baltzell says. Intel's vPro has greatly simplified remote management for Indiana employees and Baltzell hopes security vendors will work with Intel to explore some of the potential it offers in malware defense.
Security at the local level
Local city governments also take on ambitious security projects and find it can be a substantial effort to put in place centrally mandated IT governance policies just for city agencies.
"A key one we had is software installation and computer-use policy spelling out the rules of engagement," says Nelson Martinez, systems support manager for the City of Miami Beach municipal government in Florida, which has about 2,000 employees using computers.
Establishing a citywide computer-use policy entailed meeting individually not only with city agencies themselves but also with five unions and their lawyers, including the police and fire unions, to discuss the policy and how violations would be handled."It all went faster than I thought it would," says Martinez says, noting each group voiced issues about how reprimands or punishments might be applied. In the end, it was made clear that while the IT department might be providing information about blatant violations of IT policy — for instance, "no chat, no instant messaging, no adding in unofficial software except with permission" — it's up to high-level city management to handle the repercussions, he says.
For endpoint enforcement on almost 2,000 employee computers, the city is using eEye Digital's Blink, which prevents malware from executing as well as blocks unauthorized applications. "I'm trying to keep them out of trouble," Martinez says. "People are always trying to test the boundaries."
Martinez says one of the most ambitious projects the city is undertaking now is single-sign on authentication using fingerprint biometrics for authentication in order to attain a higher security level than simple passwords.
The project makes use of Imprivata's single sign-on appliance, Microsoft Active Directory and UPEK scanners, and is starting with 150 city personnel, including the city's directors and those in law enforcement and emergency response.
Biometrics is important "because it all comes back to security," Martinez says. "You can use complex passwords, but you will have people writing sticky notes."
Saturday, December 13, 2008
Identity Theft Harder than Ever to Prevent
With so many companies leaking your personal information, it's more and more likely that you'll get your identity stolen at some point. But a new report from the US government reports that law enforcement is lagging way behind on convictions for identity theft.
In fact, say officials, convicting an identity thief is almost impossible.
Things aren't all gloom and doom. In 2007, 26 percent more identity thieves were convicted in the United States than in 2006. That's a huge jump, but it still means that only 1,943 people were convicted of identity theft last year — that's out of about 1.6 million reports of identity theft on file with the Federal Trade Commission. Partly this is because the techniques that ID thieves use are always changing with changing tech. But it's also because so many of these crimes happen across national lines.
According to Threat Level's David Kravets, though, the US has a few ideas about how to combat ID theft. Some are obvious, like using social security cards less often.
But others involve creating new mega-ID cards and a new law enforcement unit:
The 70-page document (.pdf) also includes 31 recommendations to combat identity theft. The report has a couple of interesting recommendations: the creation of a "National Identity Theft Law Enforcement Center" and providing victims of identity theft with a so-called passport "to prove they are who they say they are."
So basically if you're the victim of a ID thief, you'll have to carry around additional identity papers.
Welcome to more airport line-waiting nightmares, to say the very least.
In fact, say officials, convicting an identity thief is almost impossible.
Things aren't all gloom and doom. In 2007, 26 percent more identity thieves were convicted in the United States than in 2006. That's a huge jump, but it still means that only 1,943 people were convicted of identity theft last year — that's out of about 1.6 million reports of identity theft on file with the Federal Trade Commission. Partly this is because the techniques that ID thieves use are always changing with changing tech. But it's also because so many of these crimes happen across national lines.
According to Threat Level's David Kravets, though, the US has a few ideas about how to combat ID theft. Some are obvious, like using social security cards less often.
But others involve creating new mega-ID cards and a new law enforcement unit:
The 70-page document (.pdf) also includes 31 recommendations to combat identity theft. The report has a couple of interesting recommendations: the creation of a "National Identity Theft Law Enforcement Center" and providing victims of identity theft with a so-called passport "to prove they are who they say they are."
So basically if you're the victim of a ID thief, you'll have to carry around additional identity papers.
Welcome to more airport line-waiting nightmares, to say the very least.
Friday, December 12, 2008
Identity Theft Scam Targets Investors; E-Mail Claims To Be From The Internal Revenue Service
BY MONDEE TILLEY, MOUNT AIRY NEWS
POSTED: 9:23 am EST December 11, 2008
UPDATED: 10:46 am EST December 11, 2008
A new scam is targeting non-resident investors in the U.S. It is an e-mail message, reportedly from the IRS, that threatens to impose a 30-percent withholding tax on all income from the account if the recipient fails to disclose a great deal of confidential information.
Here is an excerpt from the e-mail message now hitting local and worldwide in-boxes:
“Our records indicate that you are a non-resident alien. As a result, you are exempted from the United States of America Tax reporting and with-holdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.
“Therefore, you are to authenticate the following by completing the form W-4100B2, and return to us as soon as possible through the fax number: 1-646-731-6884.”
Sgt. Alan Freeman, a detective with the Mount Airy Police Department, said, “They seem to be targeting the Hispanic community. Whenever in doubt, seek professional advice. Call the IRS, or your local law enforcement agency. The IRS would not be sending this type of information via the Internet. They would not be asking questions about this type of information.”
Yvonne Nichols, executive assistant with the Greater Mount Airy Chamber of Commerce, said she received the e-mail in her inbox recently.
“I talked to the IRS, and they said they only correspond via mail, not e-mail.”
According to the Internal Revenue Service, the agency warns taxpayers about Internet scams in which fraudulent e-mails are sent that appear to be from the IRS.
The e-mails direct the consumer to a Web link that requests personal and financial information, such as Social Security, bank account or credit card numbers. The practice of tricking victims into revealing private personal and financial information over the Internet is known as “phishing” for information.
The IRS does not send out unsolicited e-mails or ask for detailed personal and financial information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.
The information fraudulently obtained by scammers is used to steal the taxpayer’s identity and then his or her financial assets. Generally, identity thieves use someone’s personal data to steal his or her financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name and even file fraudulent tax returns to obtain refunds rightfully belonging to the victim.
“Don’t be fooled by these shameless scam artists. The IRS doesn’t send unsolicited e-mail,” said IRS Commissioner Mark W. Everson. “Always exercise caution when you receive unsolicited e-mails or e-mails from senders you don’t know, and always verify the source.”
Last year, the IRS established an electronic mail box, phishing@irs.gov, to receive copies of possibly fraudulent e-mails involving misuse of the IRS name, logo or Web site for investigation. Since the establishment of the mail box, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by the Treasury Inspector General for Tax Administration (TIGTA) have identified host sites in at least 27 different countries, as well as in the United States.
The only genuine IRS Web site is www.IRS.gov.
More information on phishing schemes and others, including abusive tax avoidance transactions, frivolous arguments and more, may be found on the Compliance and Enforcement page on this Web site. For information on preventing or handling the aftermath of identity theft, visit the Federal Trade Commission’s (FTC) Web site.
POSTED: 9:23 am EST December 11, 2008
UPDATED: 10:46 am EST December 11, 2008
A new scam is targeting non-resident investors in the U.S. It is an e-mail message, reportedly from the IRS, that threatens to impose a 30-percent withholding tax on all income from the account if the recipient fails to disclose a great deal of confidential information.
Here is an excerpt from the e-mail message now hitting local and worldwide in-boxes:
“Our records indicate that you are a non-resident alien. As a result, you are exempted from the United States of America Tax reporting and with-holdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.
“Therefore, you are to authenticate the following by completing the form W-4100B2, and return to us as soon as possible through the fax number: 1-646-731-6884.”
Sgt. Alan Freeman, a detective with the Mount Airy Police Department, said, “They seem to be targeting the Hispanic community. Whenever in doubt, seek professional advice. Call the IRS, or your local law enforcement agency. The IRS would not be sending this type of information via the Internet. They would not be asking questions about this type of information.”
Yvonne Nichols, executive assistant with the Greater Mount Airy Chamber of Commerce, said she received the e-mail in her inbox recently.
“I talked to the IRS, and they said they only correspond via mail, not e-mail.”
According to the Internal Revenue Service, the agency warns taxpayers about Internet scams in which fraudulent e-mails are sent that appear to be from the IRS.
The e-mails direct the consumer to a Web link that requests personal and financial information, such as Social Security, bank account or credit card numbers. The practice of tricking victims into revealing private personal and financial information over the Internet is known as “phishing” for information.
The IRS does not send out unsolicited e-mails or ask for detailed personal and financial information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.
The information fraudulently obtained by scammers is used to steal the taxpayer’s identity and then his or her financial assets. Generally, identity thieves use someone’s personal data to steal his or her financial accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name and even file fraudulent tax returns to obtain refunds rightfully belonging to the victim.
“Don’t be fooled by these shameless scam artists. The IRS doesn’t send unsolicited e-mail,” said IRS Commissioner Mark W. Everson. “Always exercise caution when you receive unsolicited e-mails or e-mails from senders you don’t know, and always verify the source.”
Last year, the IRS established an electronic mail box, phishing@irs.gov, to receive copies of possibly fraudulent e-mails involving misuse of the IRS name, logo or Web site for investigation. Since the establishment of the mail box, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by the Treasury Inspector General for Tax Administration (TIGTA) have identified host sites in at least 27 different countries, as well as in the United States.
The only genuine IRS Web site is www.IRS.gov.
More information on phishing schemes and others, including abusive tax avoidance transactions, frivolous arguments and more, may be found on the Compliance and Enforcement page on this Web site. For information on preventing or handling the aftermath of identity theft, visit the Federal Trade Commission’s (FTC) Web site.
Wednesday, December 10, 2008
MORE TIPS AND COMMENTS
Every one loves a "Top 10" this time of year, so here is a great one from our friends at Kroll Fraud Solutions. It was put together by Brian Lapidus - Kroll Fraud Solution chief operating officer and identity theft expert. Enjoy!
1. Beware the Word "Prevent"
No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information.
2. There Are No Guarantees
This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.
3. Watch for "Shoulder Surfers" and "Skimmers"
Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.
4. Keep Your Social Security Card Safe at Home
Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.
Additional note from Dave: I regularly receive emails from Fight Identity Theft visitors explaining how they just had their purse or wallet stolen with their Social Security card inside. Remove that card today!
5. Destroy Before You Dump That Old Computer
Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details. Our company is often called upon to recover data from an erased or damaged drive; we’re very good at it – and so are some professional thieves.
Additional note from Dave: You could also consider using a software tool like Eraser to do a complete wipe of your drive. If you physically remove your drive, smash the drive with a hammer (find someone strong) before throwing it in the trash.
6. Choose "Forget Me’ Instead of "Remember Me"
How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.
Additional note from Dave: This is absolutely necessary when using public computers. In fact, you should avoid accessing any secure sites from a public computer (like a library, internet cafe) or when using a public wireless network or wifi hotspot.
7. Don’t Rely On Fraud Alerts Or Credit Freezes Alone
Fraud alerts are meant to stop an identity thief from opening new accounts in your name. Credit freezes let you restrict access to your credit report, which would also make it hard for someone else to open new accounts. But, neither one will stop a thief from trading your SPI for cash, or using it for tax fraud or in any of the countless other ways fraudsters exploit stolen identities.
8. Practice Prudent Posting
Social networking sites on the internet enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property, and more. Because the Web makes it possible for any posted document to link with another, any data you put out online have the potential to stay there for what amounts to electronic eternity.
Additional note from Dave: I suggest creating usernames or an email address that don't contain your name or anything traceable to you, whenever possible. You also might consider using different usernames on different sites. This makes sense because if someone is able to determine that you use "CatLuvr55" on one site, it's an easy search to track down "CatLuvr55" on any other sites where you have a profile.
9. Keep That Key
When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that the card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?
Additional note from Dave: Not sure I'm convinced on this one. I'd need to see more data showing that it is a problem. Snopes.com debunks this pretty thoroughly.
10. What’s In Your Wallet?
Make photocopies of the personal material in your wallet: Driver’s license, credit cards, insurance cards, all of it – front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place.
Source: -http://fightidentitytheft.com/blog/-2/top-10-identity-theft-tips-for-2008/
****************************************************
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
1. Beware the Word "Prevent"
No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information.
2. There Are No Guarantees
This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.
3. Watch for "Shoulder Surfers" and "Skimmers"
Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.
4. Keep Your Social Security Card Safe at Home
Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.
Additional note from Dave: I regularly receive emails from Fight Identity Theft visitors explaining how they just had their purse or wallet stolen with their Social Security card inside. Remove that card today!
5. Destroy Before You Dump That Old Computer
Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details. Our company is often called upon to recover data from an erased or damaged drive; we’re very good at it – and so are some professional thieves.
Additional note from Dave: You could also consider using a software tool like Eraser to do a complete wipe of your drive. If you physically remove your drive, smash the drive with a hammer (find someone strong) before throwing it in the trash.
6. Choose "Forget Me’ Instead of "Remember Me"
How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.
Additional note from Dave: This is absolutely necessary when using public computers. In fact, you should avoid accessing any secure sites from a public computer (like a library, internet cafe) or when using a public wireless network or wifi hotspot.
7. Don’t Rely On Fraud Alerts Or Credit Freezes Alone
Fraud alerts are meant to stop an identity thief from opening new accounts in your name. Credit freezes let you restrict access to your credit report, which would also make it hard for someone else to open new accounts. But, neither one will stop a thief from trading your SPI for cash, or using it for tax fraud or in any of the countless other ways fraudsters exploit stolen identities.
8. Practice Prudent Posting
Social networking sites on the internet enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property, and more. Because the Web makes it possible for any posted document to link with another, any data you put out online have the potential to stay there for what amounts to electronic eternity.
Additional note from Dave: I suggest creating usernames or an email address that don't contain your name or anything traceable to you, whenever possible. You also might consider using different usernames on different sites. This makes sense because if someone is able to determine that you use "CatLuvr55" on one site, it's an easy search to track down "CatLuvr55" on any other sites where you have a profile.
9. Keep That Key
When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that the card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?
Additional note from Dave: Not sure I'm convinced on this one. I'd need to see more data showing that it is a problem. Snopes.com debunks this pretty thoroughly.
10. What’s In Your Wallet?
Make photocopies of the personal material in your wallet: Driver’s license, credit cards, insurance cards, all of it – front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place.
Source: -http://fightidentitytheft.com/blog/-2/top-10-identity-theft-tips-for-2008/
****************************************************
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
www.mplss.com
Tuesday, December 9, 2008
How can you prevent identity theft from happening to you?
- Promptly remove mail from your mailbox after delivery.
- Deposit outgoing mail in post office collection mailboxes or at your local post office. Do not leave in unsecured mail receptacles.
- Never give personal information over the telephone, such as your social security number, date of birth, mother's maiden name, credit card number, or bank PIN code, unless you initiated the phone call. Protect this information and release it only when absolutely necessary.
- Shred pre-approved credit applications, credit card receipts, bills, and other financial information you don't want before discarding them in the trash or recycling bin.
- Empty your wallet of extra credit cards and IDs, or better yet, cancel the ones you do not use and maintain a list of the ones you do.
- Order your credit report from the three credit bureaus once a year to check for fraudulent activity or other discrepancies.
- Never leave receipts at bank machines, bank counters, trash receptacles, or unattended gasoline pumps. Keep track of all your paperwork. When you no longer need it, destroy it.
- Memorize your social security number and all of your passwords. Do not record them on any cards or on anything in your wallet or purse. Sign all new credit cards upon receipt.
- Save all credit card receipts and match them against your monthly bills.
- Be conscious of normal receipt of routine financial statements. Contact the sender if they are not received in the mail.
- Notify your credit card companies and financial institutions in advance of any change of address or phone number.
- Never loan your credit cards to anyone else.
- Never put your credit card or any other financial account number on a postcard or on the outside of an envelope.
- If you applied for a new credit card and it hasn't arrived in a timely manner, call the bank or credit card company involved.
- Report all lost or stolen credit cards immediately.
- Closely monitor expiration dates on your credit cards. Contact the credit card issuer if replacement cards are not received prior to the expiration dates.
- Beware of mail or telephone solicitations disguised as promotions offering instant prizes or awards designed solely to obtain your personal information or credit card numbers.
- Use caution when disclosing checking account numbers, credit card numbers, or other personal financial data at any Web site or on-line service location unless you receive a secured authentication key from your provider.
- When you subscribe to an on-line service, you may be asked to give credit card information. When you enter any interactive service site, beware of con artists who may ask you to "confirm" your enrollment service by disclosing passwords or the credit card account number used to subscribe. Don't give them out!
Monday, December 8, 2008
Guard Yourself Against Identity Theft on Social Networks
08:14 AM CST on Monday, December 8, 2008
By PAMELA YIP / The Dallas Morning News pyip@dallasnews.com
The next source of identity theft may be social networking Web sites.
"There's a growing problem, and the risks are increasing," said Scott Mitic, chief executive of TrustedID, which has identity-theft protection products for consumers and businesses.
Officials of the Federal Trade Commission, which enforces identity theft laws, said they know of no ID theft cases that have arisen from social networking sites, but you can't be too careful.
Thieves are constantly searching for new ways to get you to divulge any sliver of personal information so they can tap into your wallet.
And social networking sites such as MySpace and Facebook are becoming a "growing pool of valuable information that at some point thieves may consider more valuable than a credit report," Mr. Mitic said.
For example, most of us use facts associated with our lives as user words or passwords, and thieves are learning they can mine these facts from social networking sites.
"I know most Americans who, if they have pets, that's usually their password," Mr. Mitic said. "The information that may seem innocuous to share may have real value to individuals with criminal minds."
Social networking sites enable people to freely express themselves in a way that may cause them to unwittingly drop morsels of information that criminals can extract to steal their identity.
Here's how it might work:
Your profile says that you live in Texas, you were born in Dallas, your beloved pet's name is Max and that you like to spend time with your parents, Dick and Jane.
It also says that today you're venting your anger at your bank – Bank XYZ – because it's been slow to resolve a problem with your account.
Now criminals know the name of your bank, the name of your pet and your mother's name. They will seek to learn your mother's maiden name, which is often used as a security question on bank Web sites.
Here are some tips to protect yourself online. You've heard them before, but they're particularly important for social networking sites because the information you post can be accessed by others:
•Never post sensitive personal data, such as your Social Security number, driver's license number and bank account numbers.
That includes your hometown, mother's maiden name, your date of birth, your high school, the hospital or city in which your were born and your favorite color.
"There are all of these secret-password answer questions," Mr. Mitic said.
•Avoid telling everyone your physical location and what you're doing at the very moment, especially if you're away from home. That's an invitation for someone to burglarize your home.
•Manage privacy controls on social networks. Set your profile to "Private" to prevent uninvited people from viewing your personal information.
•Don't make your password easy to guess.
•Only allow people you know to view your personal profile. Be careful about allowing strangers to view your profile because people aren't always who they say they are.
Officials of social networking site Facebook said they give users tools to protect themselves.
"Facebook users' profiles are by default accessible only to confirmed friends and others in a given network, and we've put in place additional protections for more sensitive information like phone number, e-mail, and home address," said spokesman Simon Axten. "Users can control access to information as they see fit using the extensive and particular settings we offer."
Users of MySpace also can control how visitors and other MySpace members communicate with them by controlling their account settings.
It reminds users that their personal profile and MySpace forums are public spaces and advises users to not post sensitive personal information.
Many of you will see this advice and say it's unrealistic because I'm practically muzzling you. But you have to decide how much information you want to share.
"How safe do you want to be?" Mr. Mitic said. "How risky a lifestyle do you want to live? We live in a world where it can be dangerous to publicly expose personal information about yourself. If you want to live a safer life, you need to be more protective of your information."
Bottom line: Have fun but be safe.
***********************************************
Let us help you with your identity theft protection needs. We provide monitoring and restoration benefits to all our members. For more information, visit www.mplss.com or call our office toll free at (800) 306-3063. Happy holidays to all of you!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
By PAMELA YIP / The Dallas Morning News pyip@dallasnews.com
The next source of identity theft may be social networking Web sites.
"There's a growing problem, and the risks are increasing," said Scott Mitic, chief executive of TrustedID, which has identity-theft protection products for consumers and businesses.
Officials of the Federal Trade Commission, which enforces identity theft laws, said they know of no ID theft cases that have arisen from social networking sites, but you can't be too careful.
Thieves are constantly searching for new ways to get you to divulge any sliver of personal information so they can tap into your wallet.
And social networking sites such as MySpace and Facebook are becoming a "growing pool of valuable information that at some point thieves may consider more valuable than a credit report," Mr. Mitic said.
For example, most of us use facts associated with our lives as user words or passwords, and thieves are learning they can mine these facts from social networking sites.
"I know most Americans who, if they have pets, that's usually their password," Mr. Mitic said. "The information that may seem innocuous to share may have real value to individuals with criminal minds."
Social networking sites enable people to freely express themselves in a way that may cause them to unwittingly drop morsels of information that criminals can extract to steal their identity.
Here's how it might work:
Your profile says that you live in Texas, you were born in Dallas, your beloved pet's name is Max and that you like to spend time with your parents, Dick and Jane.
It also says that today you're venting your anger at your bank – Bank XYZ – because it's been slow to resolve a problem with your account.
Now criminals know the name of your bank, the name of your pet and your mother's name. They will seek to learn your mother's maiden name, which is often used as a security question on bank Web sites.
Here are some tips to protect yourself online. You've heard them before, but they're particularly important for social networking sites because the information you post can be accessed by others:
•Never post sensitive personal data, such as your Social Security number, driver's license number and bank account numbers.
That includes your hometown, mother's maiden name, your date of birth, your high school, the hospital or city in which your were born and your favorite color.
"There are all of these secret-password answer questions," Mr. Mitic said.
•Avoid telling everyone your physical location and what you're doing at the very moment, especially if you're away from home. That's an invitation for someone to burglarize your home.
•Manage privacy controls on social networks. Set your profile to "Private" to prevent uninvited people from viewing your personal information.
•Don't make your password easy to guess.
•Only allow people you know to view your personal profile. Be careful about allowing strangers to view your profile because people aren't always who they say they are.
Officials of social networking site Facebook said they give users tools to protect themselves.
"Facebook users' profiles are by default accessible only to confirmed friends and others in a given network, and we've put in place additional protections for more sensitive information like phone number, e-mail, and home address," said spokesman Simon Axten. "Users can control access to information as they see fit using the extensive and particular settings we offer."
Users of MySpace also can control how visitors and other MySpace members communicate with them by controlling their account settings.
It reminds users that their personal profile and MySpace forums are public spaces and advises users to not post sensitive personal information.
Many of you will see this advice and say it's unrealistic because I'm practically muzzling you. But you have to decide how much information you want to share.
"How safe do you want to be?" Mr. Mitic said. "How risky a lifestyle do you want to live? We live in a world where it can be dangerous to publicly expose personal information about yourself. If you want to live a safer life, you need to be more protective of your information."
Bottom line: Have fun but be safe.
***********************************************
Let us help you with your identity theft protection needs. We provide monitoring and restoration benefits to all our members. For more information, visit www.mplss.com or call our office toll free at (800) 306-3063. Happy holidays to all of you!!
Mel Rapozo
Certified Identity Theft Risk Management Specialist
M&P Legal Support Services, LLC
Subscribe to:
Posts (Atom)
